CVE-2024-27377 Information

Jun 06, 2024 cve

Description

An issue was discovered in Samsung Mobile Processor Exynos 980 Exynos 850 Exynos 1280 Exynos 1380 and Exynos 1330. In the function slsi_nan_get_security_info_nl() there is no input validation check on sec_info->key_info.body.pmk_info.pmk_len coming from userspace which can lead to a heap overwrite.

Reference

https://semiconductor.samsung.com/support/quality-support/product-security-updates/

Share on: