Skip to content

CVE-2024-27377

In the function slsi_nan_get_security_info_nl(), there is no input validation check on sec_info → key_info.body.pmk_info.pmk_len coming from userspace, which can lead to heap overwrite in Samsung Mobile Processor

Jun 03, 2024

This table summarizes key information about the CVE-2024-27377, including its identifier, title, affected products, versions, severity, reporting date, patched versions, and acknowledgement status.
Category Content
CVE ID CVE-2024-27377
Description In the function slsi_nan_get_security_info_nl(), there is no input validation check on sec_info → key_info.body.pmk_info.pmk_len coming from userspace, which can lead to heap overwrite in Samsung Mobile Processor
Affected Version Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, Exynos 1330
Severity Medium
Reported Date 2023.12.13
Acknowledgment jiayy

Would you like to
leave this page?
If you leave this page, the content you are creating
will not be saved.

Registration Are you sure you want to submit this?

Thank you! Please confirm your registration

Your subscription is not active yet!
An email with an activation link
has just been sent to your email address.
Please activate your subscription by clicking on
the activation link inside the email.

Confirm
Thank you! Please confirm

your existing registration

You have already registered, but before we can send you the
information about upcoming events, we need your confirmation.

If you missed our previous email, please use the button below to resend it.
To activate your subscription, please click on the link included in the email.

Resend
Alert

To proceed, please click on the "check" button located in the email section.

Confirm