Lucene search

SamsungMobileVULNRICHMENT:CVE-2024-20832

HistoryMar 05, 2024 - 4:44 a.m.

CVE-2024-20832

2024-03-0504:44:40

SamsungMobile

github.com

heap overflow

little kernel

smr mar-2024

local attackers

execute code

CVSS3

6.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Heap overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privileged attackers to execute arbitrary code.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:samsung_mobile:samsung_mobile_devices:*:*:*:*:*:*:*:*"
    ],
    "vendor": "samsung_mobile",
    "product": "samsung_mobile_devices",
    "versions": [
      {
        "status": "unaffected",
        "version": "smr_mar_2024_release_in_selected_android _11_12_13_14_mediatek devices"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

security.samsungmobile.com/securityUpdate.smsb?year=2024&month=03

CVSS3

6.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-20832