CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
AI Score
Confidence
Low
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_send_action_frame(), there is no input validation check on len coming from userspace, which can lead to a heap over-read.
Vendor | Product | Version | CPE |
---|---|---|---|
samsung | exynos_980_firmware | - | cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:* |
samsung | exynos_980 | - | cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:* |
samsung | exynos_850_firmware | - | cpe:2.3:o:samsung:exynos_850_firmware:-:*:*:*:*:*:*:* |
samsung | exynos_850 | - | cpe:2.3:h:samsung:exynos_850:-:*:*:*:*:*:*:* |
samsung | exynos_1280_firmware | - | cpe:2.3:o:samsung:exynos_1280_firmware:-:*:*:*:*:*:*:* |
samsung | exynos_1280 | - | cpe:2.3:h:samsung:exynos_1280:-:*:*:*:*:*:*:* |
samsung | exynos_1380_firmware | - | cpe:2.3:o:samsung:exynos_1380_firmware:-:*:*:*:*:*:*:* |
samsung | exynos_1380 | - | cpe:2.3:h:samsung:exynos_1380:-:*:*:*:*:*:*:* |
samsung | exynos_1330_firmware | - | cpe:2.3:o:samsung:exynos_1330_firmware:-:*:*:*:*:*:*:* |
samsung | exynos_1330 | - | cpe:2.3:h:samsung:exynos_1330:-:*:*:*:*:*:*:* |