CVE-2024-27377

The CVE-2024-27377 entry concerns Samsung Mobile Processors (Exynos 980/850/1280/1380/1330). The root cause is missing input validation in slsi_nan_get_security_info_nl() for sec_info->key_info.body.pmk_info.pmk_len coming from userspace, which can trigger a heap overwrite. Documents identify ...

CVE-2024-27370

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsinanconfiggetnlparams, there is no input validation check on halreq-numconfigdiscoveryattr coming from userspace, which can lead to a heap overwrite...

CVE-2024-27370

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsinanconfiggetnlparams, there is no input validation check on halreq-numconfigdiscoveryattr coming from userspace, which can lead to a heap overwrite...

CVE-2024-27381

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsisendactionframeut, there is no input validation check on len coming from userspace, which can lead to a heap over-read...

CVE-2024-27381

CVE-2024-27381 affects Samsung Mobile Processor Exynos 980/850/1280/1380/1330. The issue is in the function slsi_send_action_frame_ut() where there is no input validation on len from userspace, enabling a heap over-read. Impact is labeled as Confidentiality HIGH and Availability HIGH, with Local ...

CVE-2024-27381

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsisendactionframeut, there is no input validation check on len coming from userspace, which can lead to a heap over-read...

CVE-2024-27382

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsisendactionframe, there is no input validation check on len coming from userspace, which can lead to a heap over-read...

CVE-2024-27382

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsisendactionframe, there is no input validation check on len coming from userspace, which can lead to a heap over-read...

CVE-2024-27378

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsisendactionframecert, there is no input validation check on len coming from userspace, which can lead to a heap over-read...

CVE-2024-27378

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsisendactionframecert, there is no input validation check on len coming from userspace, which can lead to a heap over-read...

CVE-2024-27378

In the provided documents, CVE-2024-27378 affects Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. The flaw resides in the function slsi_send_action_frame_cert(), where there is no input validation for the len value from userspace, enabling a heap over-r...

CVE-2024-27376

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsinansubscribegetnlparams, there is no input validation check on halreq-rxmatchfilterlen coming from userspace, which can lead to a heap overwrite...

CVE-2024-27380

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsisetdelayedwakeuptype, there is no input validation check on a length of ioctlargs-argsi coming from userspace, which can lead to a heap over-read...

CVE-2024-27380

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsisetdelayedwakeuptype, there is no input validation check on a length of ioctlargs-argsi coming from userspace, which can lead to a heap over-read...

CVE-2024-27380

CVE-2024-27380 affects Samsung Mobile Processors: Exynos 980, 850, 1280, 1380, and 1330. The issue is in the driver function slsi_set_delayed_wakeup_type() , where there is no input validation for the length of ioctl_args->args[i] coming from userspace, leading to a potential heap over-read . ...

CVE-2024-27379

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsinansubscribegetnlparams, there is no input validation check on halreq-numintfaddrpresent coming from userspace, which can lead to a heap overwrite...

CVE-2023-50804

An issue was discovered in Samsung Mobile Processor, and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly check format typ...

CVE-2024-28818

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 2400, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly check states specifie...

CVE-2023-49928

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not...

CVE-2023-50803

CVE-2023-50803 affects Samsung Mobile Processor baseband/modem (several Exynos models). The issue is that replay protection in NAS is not properly checked by the baseband, enabling potential denial of service. Connected sources confirm the vulnerability in Samsung Exynos modem stack and list DoS ...