CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
9.5%
An issue was discovered in Mobile Processor, Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_roamed_ind(), there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read.
Vendor | Product | Version | CPE |
---|---|---|---|
samsung | exynos_980_firmware | - | cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:* |
samsung | exynos_980 | - | cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:* |
samsung | exynos_850_firmware | - | cpe:2.3:o:samsung:exynos_850_firmware:-:*:*:*:*:*:*:* |
samsung | exynos_850 | - | cpe:2.3:h:samsung:exynos_850:-:*:*:*:*:*:*:* |
samsung | exynos_1080_firmware | - | cpe:2.3:o:samsung:exynos_1080_firmware:-:*:*:*:*:*:*:* |
samsung | exynos_1080 | - | cpe:2.3:h:samsung:exynos_1080:-:*:*:*:*:*:*:* |
samsung | exynos_1280_firmware | - | cpe:2.3:o:samsung:exynos_1280_firmware:-:*:*:*:*:*:*:* |
samsung | exynos_1280 | - | cpe:2.3:h:samsung:exynos_1280:-:*:*:*:*:*:*:* |
samsung | exynos_1380_firmware | - | cpe:2.3:o:samsung:exynos_1380_firmware:-:*:*:*:*:*:*:* |
samsung | exynos_1380 | - | cpe:2.3:h:samsung:exynos_1380:-:*:*:*:*:*:*:* |