CVE-2024-27364
📋 TL;DR
A heap over-read vulnerability in Samsung Exynos mobile and wearable processors allows attackers to read memory beyond allocated buffers. This affects devices using Exynos 980, 850, 1080, 1280, 1380, 1330, 1480, W920, and W930 chips. The issue occurs in the slsi_rx_roamed_ind() function due to missing input validation on user-supplied length values.
💻 Affected Systems
- Samsung Exynos 980
- Samsung Exynos 850
- Samsung Exynos 1080
- Samsung Exynos 1280
- Samsung Exynos 1380
- Samsung Exynos 1330
- Samsung Exynos 1480
- Samsung Exynos W920
- Samsung Exynos W930
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Information disclosure of sensitive kernel memory, potentially including cryptographic keys, authentication tokens, or other privileged data that could facilitate further attacks.
Likely Case
Limited information leakage from kernel heap memory, potentially causing system instability or crashes in affected devices.
If Mitigated
Minimal impact with proper memory protection mechanisms and kernel hardening features enabled.
🎯 Exploit Status
Requires local access to the device and ability to interact with the vulnerable kernel function. No public exploits known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Device-specific security updates from Samsung
Vendor Advisory: https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-27364/
Restart Required: Yes
Instructions:
1. Check for device manufacturer security updates. 2. Apply the latest security patch from Samsung. 3. Reboot the device after installation. 4. Verify the patch is applied through device settings.
🔧 Temporary Workarounds
Restrict local access
allLimit physical and application access to vulnerable devices
Disable unnecessary kernel modules
linuxIf possible, disable or restrict the affected kernel functionality
🧯 If You Can't Patch
- Isolate affected devices from sensitive networks
- Implement application allowlisting to prevent malicious apps from running
🔍 How to Verify
Check if Vulnerable:
Check device processor model in Settings > About Phone > Hardware Information. If using affected Exynos chips, assume vulnerable until patched.Check Version:
On Android: adb shell getprop ro.boot.hardwareVerify Fix Applied:
Check Android security patch level in Settings > About Phone > Software Information. Ensure date is after March 2024.📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- Memory access violation logs in dmesg
- Unexpected process crashes
SIEM Query:
Search for kernel panic events or memory access violations on mobile devices