CVE-2024-27382 in Exynos 980info

Summary

by MITRE • 06/05/2024

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_send_action_frame(), there is no input validation check on len coming from userspace, which can lead to a heap over-read.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 03/18/2025

The vulnerability identified as CVE-2024-27382 affects multiple Samsung Exynos mobile processor variants including the Exynos 980, 850, 1280, 1380, and 1330 models. This issue resides within the wireless networking subsystem of these processors, specifically in the slsi_send_action_frame() function that handles action frame transmission. The flaw represents a critical security weakness that stems from inadequate input validation mechanisms within the kernel-space driver responsible for wireless communication protocols.

The technical implementation of this vulnerability occurs when user-space applications provide length parameters to the slsi_send_action_frame() function without proper validation checks. This function processes wireless action frames that are essential for Wi-Fi communication protocols including beacon frames, probe requests, and association responses. The absence of proper bounds checking on the len parameter allows malicious input to exceed the allocated memory buffer boundaries, creating a heap over-read condition that can be exploited to access sensitive memory locations beyond the intended buffer limits.

From an operational perspective, this vulnerability presents significant risks to device security and data integrity. An attacker with local access or the ability to execute code on the target device could leverage this heap over-read to potentially extract confidential information from kernel memory, including cryptographic keys, authentication credentials, or other sensitive data. The vulnerability could enable privilege escalation attacks where malicious actors gain elevated system privileges, or information disclosure attacks that compromise the confidentiality of the device's operational environment. The impact extends beyond individual device security to potentially affect network-wide communication integrity when multiple devices are connected to the same wireless infrastructure.

The vulnerability aligns with CWE-129, which addresses insufficient input validation, and demonstrates characteristics consistent with heap-based buffer overflow conditions that fall under the ATT&CK framework's privilege escalation and defense evasion techniques. Organizations should implement immediate mitigations including kernel updates and patches provided by Samsung, input validation enhancements in user-space applications, and network monitoring to detect anomalous wireless communication patterns. Additionally, system administrators should consider implementing runtime protections such as stack canaries, address space layout randomization, and memory protection mechanisms to reduce the exploitability of such vulnerabilities. The remediation process must include comprehensive testing to ensure that wireless functionality remains intact while addressing the specific memory access violations that enable this class of attack.

Responsible

MITRE

Reservation

02/25/2024

Disclosure

06/05/2024

Moderation

accepted

CPE

ready

EPSS

0.00160

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!