cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-27368,https://securityvulnerability.io/vulnerability/CVE-2024-27368,Samsung Exynos Processor Vulnerable to Heap Over-Read Due to Lack of Input Validation,"An issue was discovered in Samsung Mobile Processor Exynos Mobile Processor, Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_received_frame_ind(), there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read.",Samsung,Exynos 980 Firmware,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-09T00:00:00.000Z,0
CVE-2024-27365,https://securityvulnerability.io/vulnerability/CVE-2024-27365,Heap Over-read Vulnerability in Samsung Exynos Processors,"An issue was discovered in Samsung Mobile Processor Exynos Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_blockack_ind(), there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read.",Samsung,Exynos 980 Firmware,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-09T00:00:00.000Z,0
CVE-2024-27383,https://securityvulnerability.io/vulnerability/CVE-2024-27383,Heap Overwrite Vulnerability Affects Samsung Mobile Processors,"A vulnerability affecting Samsung's Exynos mobile processors including models 980, 850, 1280, 1380, and 1330 has been identified. The flaw arises in the function slsi_get_scan_extra_ies(), where the system fails to perform adequate input validation on data sourced from userspace. This oversight can potentially lead to a heap overwrite, allowing attackers to manipulate the memory allocation process and execute arbitrary code, posing significant security risks to devices utilizing these processors.",Samsung,Exynos 980 Firmware,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-09T00:00:00.000Z,0
CVE-2024-27367,https://securityvulnerability.io/vulnerability/CVE-2024-27367,Input Validation Flaw in Samsung Exynos Wearable Processors,"An input validation issue has been identified in various Samsung Exynos Wearable Processors, including Exynos 980, 850, 1080, 1280, 1380, 1330, 1480, W920, and W930. The flaw exists in the slsi_rx_scan_ind() function, where user-supplied data length is not properly validated. This oversight can result in an integer overflow, potentially leading to a heap over-read situation, exposing sensitive data and increasing the risk for exploitation.",Samsung,Exynos 980 Firmware,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-09T00:00:00.000Z,0
CVE-2024-27364,https://securityvulnerability.io/vulnerability/CVE-2024-27364,Exynos Processors Vulnerable to Heap Over-Read Due to Lack of Input Validation,"An issue was discovered in Mobile Processor, Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_roamed_ind(), there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read.",Samsung,Exynos 980 Firmware,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-09T00:00:00.000Z,0
CVE-2024-27366,https://securityvulnerability.io/vulnerability/CVE-2024-27366,Samsung Mobile Processor Vulnerable to Heap Over-Read,"An issue was discovered in Samsung Mobile Processor, Wearable Processor Exynos Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_scan_done_ind(), there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read.",Samsung,Exynos 980 Firmware,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-09T00:00:00.000Z,0
CVE-2024-27372,https://securityvulnerability.io/vulnerability/CVE-2024-27372,Heap Overwrite Vulnerability in Samsung Exynos Mobile Processors,"A vulnerability has been identified in Samsung's Exynos mobile processors, specifically affecting the Exynos 980, 850, 1280, 1380, and 1330. The issue arises in the slsi_nan_config_get_nl_params() function, where an absence of input validation checks on the incoming variable disc_attr->infrastructure_ssid_len from user space can lead to improper handling of memory allocation. This oversight may allow for heap overflow exploitation, potentially compromising system integrity and security. Users and developers are advised to review Samsung's security updates for necessary mitigations.",Samsung,Exynos 980 Firmware,7.8,HIGH,0.01,false,,false,false,false,,,false,false,,2024-06-05T19:15:00.000Z,0
CVE-2024-27376,https://securityvulnerability.io/vulnerability/CVE-2024-27376,Heap Overwrite Vulnerability in Samsung Exynos Mobile Processors,"A vulnerability exists in Samsung's Exynos mobile processors, identified in the function slsi_nan_subscribe_get_nl_params(). This issue arises from insufficient input validation for the parameter hal_req->rx_match_filter_len, which is received from userspace. The absence of necessary validation can allow attackers to exploit this weakness, potentially leading to a heap overwrite, which may compromise system integrity and could lead to unauthorized access or unexpected behavior within the affected devices.",Samsung,Exynos 980 Firmware,6.7,MEDIUM,0.01,false,,false,false,false,,,false,false,,2024-06-05T19:15:00.000Z,0
CVE-2024-27375,https://securityvulnerability.io/vulnerability/CVE-2024-27375,Heap Overflow Vulnerability in Samsung Mobile Processors,"A vulnerability has emerged in several models of Samsung's Exynos mobile processors, specifically in the slsi_nan_followup_get_nl_params() function. This vulnerability arises from inadequate input validation on the hal_req->sdea_service_specific_info_len parameter, which originates from userspace. As a result, this oversight can lead to a heap overwrite condition, potentially compromising the security of devices powered by these processors. Users are advised to be aware of this vulnerability and implement any available security updates to protect their devices.",Samsung,Exynos 980 Firmware,7.8,HIGH,0.01,false,,false,false,false,,,false,false,,2024-06-05T19:15:00.000Z,0
CVE-2024-27374,https://securityvulnerability.io/vulnerability/CVE-2024-27374,Heap Overwrite Vulnerability in Samsung Mobile Processors,"A security vulnerability has been identified in several models of Samsung's Exynos mobile processors, specifically in the function slsi_nan_publish_get_nl_params(). The flaw arises from the absence of input validation checks for hal_req->service_specific_info_len when data is received from userspace. This oversight can potentially lead to a heap overwrite, allowing malicious actors to exploit the vulnerability to compromise the integrity of the system and execute arbitrary code, posing a risk to user data and device functionality.",Samsung,Exynos 980 Firmware,7.8,HIGH,0.01,false,,false,false,false,,,false,false,,2024-06-05T19:15:00.000Z,0
CVE-2024-27381,https://securityvulnerability.io/vulnerability/CVE-2024-27381,Heap Over-read Vulnerability in Samsung Mobile Processors,"A vulnerability exists in the Samsung Mobile Processor models Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. The flaw arises from the function slsi_send_action_frame_ut(), which lacks proper input validation for the length parameter received from userspace. This oversight can lead to a heap over-read, potentially allowing an attacker to exploit system memory. Affected users should evaluate their systems and implement necessary security measures.",Samsung,Exynos 980 Firmware,6,MEDIUM,0.01,false,,false,false,false,,,false,false,,2024-06-05T19:15:00.000Z,0
CVE-2024-27380,https://securityvulnerability.io/vulnerability/CVE-2024-27380,Heap Over-read Vulnerability in Samsung Exynos Processors,"An issue in specific Samsung Exynos Mobile Processors has been identified regarding the lack of input validation in the function slsi_set_delayed_wakeup_type(). This vulnerability allows for a heap over-read scenario due to insufficient length checks on user-supplied data. Consequently, this may lead to unauthorized data access, potentially exposing sensitive information and undermining device security in numerous mobile applications. Affected models include Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330, emphasizing the need for users and manufacturers to remain vigilant and implement necessary security measures.",Samsung,Exynos 980 Firmware,6,MEDIUM,0.01,false,,false,false,false,,,false,false,,2024-06-05T19:15:00.000Z,0
CVE-2024-27370,https://securityvulnerability.io/vulnerability/CVE-2024-27370,Heap Vulnerability in Samsung Mobile Processor Exynos Series,"An issue has been reported in Samsung’s mobile processors, specifically in the Exynos series, where a lack of input validation in the function handling configuration parameters can lead to unintended heap memory modifications. This flaw arises in the context of processing requests from userspace, potentially allowing an attacker to perform heap overwrite operations, thereby compromising system integrity and leading to unauthorized access or execution of arbitrary code.",Samsung,Exynos 980 Firmware,7.8,HIGH,0.01,false,,false,false,false,,,false,false,,2024-06-05T19:15:00.000Z,0
CVE-2024-28818,https://securityvulnerability.io/vulnerability/CVE-2024-28818,Samsung Exynos Processors and Modems Vulnerable to Information Disclosure Due to Incorrect State Checking,"A serious vulnerability has been identified within the Samsung Exynos Mobile Processors and Wearable Processors, particularly affecting multiple generations including Exynos 980, 990, 1080, 2100, 2200, 1280, 1380, 1330, 2400, along with Exynos Modem 5123 and 5300. This issue arises from inadequate verification of states as dictated by the Radio Resource Control (RRC) module within the baseband software. As a consequence, this flaw may allow unauthorized access to sensitive information, posing significant risks to users relying on devices powered by these processors.",Samsung,Exynos 980 Firmware,7.5,HIGH,0.0006799999973736703,false,,false,false,false,,,false,false,,2024-06-05T19:15:00.000Z,0
CVE-2024-27382,https://securityvulnerability.io/vulnerability/CVE-2024-27382,Heap Over-read Vulnerability in Samsung Mobile Processors,"A vulnerability has been identified in select Samsung Mobile Processors where the function slsi_send_action_frame() lacks proper input validation for data received from user space. This oversight can result in a heap over-read, potentially allowing malicious entities to exploit the flaw and access sensitive information or disrupt service. The impacted processors include the Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. Immediate scrutiny and protective measures are recommended to safeguard systems utilizing these processors.",Samsung,Exynos 980 Firmware,7.1,HIGH,0.01,false,,false,false,false,,,false,false,,2024-06-05T19:15:00.000Z,0
CVE-2024-27373,https://securityvulnerability.io/vulnerability/CVE-2024-27373,Heap Overwrite Vulnerability in Samsung Exynos Mobile Processors,"A security issue has been identified in several Samsung Exynos mobile processors, specifically Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. The vulnerability resides in the function slsi_nan_config_get_nl_params(), where a lack of input validation on the user-supplied disc_attr->mesh_id_len parameter can result in a heap overwrite condition. This flaw emphasizes the need for proper validation of user input to prevent potential exploitation and ensure robust security measures in mobile processing units.",Samsung,Exynos 980 Firmware,7.8,HIGH,0.01,false,,false,false,false,,,false,false,,2024-06-05T19:15:00.000Z,0
CVE-2024-27378,https://securityvulnerability.io/vulnerability/CVE-2024-27378,Heap Over-Read Vulnerability in Samsung Mobile Processors,"A vulnerability exists in multiple Samsung Mobile Processors, specifically Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330, due to inadequate input validation within the slsi_send_action_frame_cert() function. This oversight allows for potential heap over-reads, which may lead to exposure of sensitive information and enable further exploitation by malicious actors. Mitigating this issue requires the implementation of proper input validation protocols to secure the affected processors against unauthorized access and attacks.",Samsung,Exynos 980 Firmware,6,MEDIUM,0.01,false,,false,false,false,,,false,false,,2024-06-05T19:15:00.000Z,0
CVE-2024-27377,https://securityvulnerability.io/vulnerability/CVE-2024-27377,Heap Overflow Vulnerability in Samsung Mobile Processors,"A vulnerability exists in select Samsung Mobile Processor models, specifically Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. The issue arises from a lack of input validation in the function slsi_nan_get_security_info_nl(), which processes user input. As a result, an attacker could exploit this flaw to manipulate memory allocation, potentially leading to a heap overwrite. This can adversely affect the operation of the affected devices, compromising their security and stability.",Samsung,Exynos 980 Firmware,7.8,HIGH,0.01,false,,false,false,false,,,false,false,,2024-06-05T19:15:00.000Z,0
CVE-2024-27379,https://securityvulnerability.io/vulnerability/CVE-2024-27379,Heap Overwrite Vulnerability in Samsung Mobile Processors,"A vulnerability exists in Samsung's Mobile Processor series, specifically affecting the Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330 models. This vulnerability arises from a failure to perform input validation checks on the hal_req->num_intf_addr_present parameter sourced from userspace within the function slsi_nan_subscribe_get_nl_params(). Without appropriate validation, this flaw can be exploited to facilitate a heap overwrite, potentially allowing an attacker to manipulate memory and execute arbitrary code, thereby compromising the affected device's security.",Samsung,Exynos 980 Firmware,7.8,HIGH,0.01,false,,false,false,false,,,false,false,,2024-06-05T19:15:00.000Z,0
CVE-2024-27371,https://securityvulnerability.io/vulnerability/CVE-2024-27371,Input Validation Vulnerability in Samsung Mobile Processors,"A security issue in specific Samsung Exynos mobile processors has been identified, where the function slsi_nan_followup_get_nl_params() does not perform adequate input validation on the service_specific_info_len parameter sourced from userspace. This lack of validation may result in a heap overwrite, potentially allowing attackers to execute arbitrary code or escalate privileges. The affected processors include Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330, necessitating prompt attention to mitigate risks.",Samsung,Exynos 980 Firmware,7.8,HIGH,0.01,false,,false,false,false,,,false,false,,2024-06-05T19:15:00.000Z,0
CVE-2024-29152,https://securityvulnerability.io/vulnerability/CVE-2024-29152,Samsung Exynos Processors and Modems Vulnerable to Information Disclosure Due to Incorrect State Checking,"A significant vulnerability has been identified in Samsung's Exynos mobile processors, wearable processors, and modems. This issue arises from improper state checks in the baseband software related to the Radio Resource Control (RRC) Reconfiguration message. The flaw has the potential to expose sensitive information, impacting user privacy and security across multiple devices utilizing the Exynos architecture, including both mobile and wearable devices. The vulnerability affects a range of Exynos models, complicating the security landscape for Samsung users.",Samsung,Exynos 980 Firmware,7.5,HIGH,0.0006799999973736703,false,,false,false,false,,,false,false,,2024-06-04T19:19:00.000Z,0
CVE-2023-40353,https://securityvulnerability.io/vulnerability/CVE-2023-40353,Integer Overflow Vulnerability in Exynos Mobile Processors by Samsung,"A vulnerability has been identified in Samsung's Exynos Mobile Processor series, specifically affecting the Exynos 980 and 2100 models. This integer overflow issue at a buffer index can potentially disrupt the execution of intended services when targeted by a crafted application. Malicious actors could exploit this vulnerability to gain unauthorized control over the impacted devices, resulting in compromised systems and user data.",Samsung,Exynos 980 Firmware,2,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-09-08T03:15:00.000Z,0
CVE-2023-37377,https://securityvulnerability.io/vulnerability/CVE-2023-37377,Inconsistency in Packet Filtering in Samsung Exynos Mobile and Wearable Processors,"A vulnerability has been identified in the Samsung Exynos Mobile Processor and Wearable Processor series, specifically impacting the Exynos 980, Exynos 850, Exynos 2100, and Exynos W920 models. This vulnerability arises from improper handling of length parameter inconsistencies, potentially leading to incorrect packet filtering. This flaw could expose systems to various security risks, including unauthorized data access and exploitation. Users are encouraged to refer to Samsung's security updates for more information on mitigation.",Samsung,Exynos 980 Firmware,2,LOW,0.0006500000017695129,false,,false,false,false,,,false,false,,2023-09-08T03:15:00.000Z,0