CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_followup_get_nl_params(), there is no input validation check on hal_req->service_specific_info_len coming from userspace, which can lead to a heap overwrite.
Vendor | Product | Version | CPE |
---|---|---|---|
samsung | exynos_980_firmware | - | cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:* |
samsung | exynos_980 | - | cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:* |
samsung | exynos_850_firmware | - | cpe:2.3:o:samsung:exynos_850_firmware:-:*:*:*:*:*:*:* |
samsung | exynos_850 | - | cpe:2.3:h:samsung:exynos_850:-:*:*:*:*:*:*:* |
samsung | exynos_1280_firmware | - | cpe:2.3:o:samsung:exynos_1280_firmware:-:*:*:*:*:*:*:* |
samsung | exynos_1280 | - | cpe:2.3:h:samsung:exynos_1280:-:*:*:*:*:*:*:* |
samsung | exynos_1380_firmware | - | cpe:2.3:o:samsung:exynos_1380_firmware:-:*:*:*:*:*:*:* |
samsung | exynos_1380 | - | cpe:2.3:h:samsung:exynos_1380:-:*:*:*:*:*:*:* |
samsung | exynos_1330_firmware | - | cpe:2.3:o:samsung:exynos_1330_firmware:-:*:*:*:*:*:*:* |
samsung | exynos_1330 | - | cpe:2.3:h:samsung:exynos_1330:-:*:*:*:*:*:*:* |