CVE-2024-27365 in Exynos 980info

Summary

by MITRE • 09/10/2024

An issue was discovered in Samsung Mobile Processor Exynos Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_blockack_ind(), there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 06/13/2025

The vulnerability CVE-2024-27365 represents a critical heap over-read flaw affecting multiple Samsung Exynos mobile processors including the Exynos 980, 850, 1080, 1280, 1380, 1330, 1480, W920, and W930 chipsets. This issue resides within the wireless networking subsystem of these processors, specifically in the slsi_rx_blockack_ind() function that handles received block acknowledgment indicators. The flaw stems from inadequate input validation mechanisms that fail to properly validate the length parameter originating from userspace, creating a dangerous condition where malicious input can trigger memory corruption.

This vulnerability operates at the kernel level within the wireless driver component of the Exynos processor architecture, making it particularly dangerous as it can be exploited by attackers with local access or through malicious applications. The absence of proper bounds checking on user-provided length values allows an attacker to potentially read data from adjacent memory locations beyond the intended buffer boundaries. This heap over-read condition can expose sensitive information such as kernel memory contents, cryptographic keys, or other confidential data stored in memory. The vulnerability aligns with CWE-129, which specifically addresses improper validation of length parameters, and represents a classic example of memory safety issues that can lead to information disclosure or further exploitation.

The operational impact of this vulnerability extends beyond simple information disclosure, as it creates potential pathways for more sophisticated attacks. When an attacker successfully triggers this heap over-read condition, they may be able to extract valuable information from kernel memory spaces, potentially including credentials, encryption keys, or other sensitive data that could be used to escalate privileges or gain deeper system access. The nature of this flaw makes it particularly concerning for mobile devices where the wireless subsystem is constantly processing incoming network traffic and where legitimate applications may inadvertently provide malformed input. The vulnerability demonstrates the critical importance of input validation in kernel space components and aligns with ATT&CK technique T1059.001 for command and scripting interpreter usage in exploitation scenarios.

Mitigation strategies for CVE-2024-27365 should focus on implementing comprehensive input validation mechanisms within the wireless driver subsystem. Device manufacturers must ensure that all length parameters received from userspace are properly validated against expected ranges and bounds before being processed. The recommended approach includes implementing strict bounds checking, adding memory protection mechanisms such as stack canaries, and employing address space layout randomization to make exploitation more difficult. Additionally, system administrators should apply firmware updates and security patches as soon as they become available from Samsung, while network administrators should monitor for unusual wireless traffic patterns that might indicate exploitation attempts. The vulnerability underscores the necessity of robust security practices in embedded systems and mobile processor architectures, particularly in wireless communication components where input validation is critical for preventing memory corruption vulnerabilities that could lead to complete system compromise.

Responsible

MITRE

Reservation

02/25/2024

Disclosure

09/10/2024

Moderation

accepted

CPE

ready

EPSS

0.00174

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!