CVE-2024-27385

medium

Description

A vulnerability was discovered in the slsi_handle_nan_rx_event_log_ind function in Samsung Mobile Processor Exynos 1380 and Exynos 1480 related to no input validation check on tag_len for rx coming from userspace, which can lead to heap overwrite.

References

https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-27385/

https://semiconductor.samsung.com/support/quality-support/product-security-updates/

Details

Source: Mitre, NVD

Published: 2024-07-09

Updated: 2025-06-26

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 6.7

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: Medium

EPSS

EPSS: 0.00057