CVE-2024-27372
📋 TL;DR
This vulnerability in Samsung Exynos mobile processors allows attackers to perform heap overwrite attacks by exploiting lack of input validation in the slsi_nan_config_get_nl_params() function. Attackers can potentially execute arbitrary code or cause denial of service on affected devices. This affects smartphones and other devices using the listed Exynos chipsets.
💻 Affected Systems
- Samsung Mobile Processor Exynos 980
- Samsung Mobile Processor Exynos 850
- Samsung Mobile Processor Exynos 1280
- Samsung Mobile Processor Exynos 1380
- Samsung Mobile Processor Exynos 1330
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete device compromise, data theft, or persistent backdoor installation
Likely Case
Local privilege escalation, application crashes, or denial of service affecting device functionality
If Mitigated
Limited impact with proper memory protections and exploit mitigations in place
🎯 Exploit Status
Requires local access or malicious app installation. Exploitation involves manipulating Wi-Fi/NAN configuration parameters.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Device-specific security updates from Samsung and other OEMs
Vendor Advisory: https://semiconductor.samsung.com/support/quality-support/product-security-updates/
Restart Required: Yes
Instructions:
1. Check for device security updates in Settings > Software Update. 2. Install available updates. 3. For OEM devices using these chipsets, check manufacturer's security bulletins. 4. Apply firmware/driver updates from device manufacturers.
🔧 Temporary Workarounds
Disable Wi-Fi NAN/Neighbor Awareness Networking
androidPrevents exploitation by disabling the vulnerable feature
Settings vary by device - typically in Wi-Fi advanced settings
Restrict app permissions
androidLimit which apps can access Wi-Fi/NAN configuration
Settings > Apps > [App Name] > Permissions > Disable Wi-Fi/NAN access
🧯 If You Can't Patch
- Isolate affected devices from untrusted networks and users
- Implement application allowlisting to prevent malicious app installation
🔍 How to Verify
Check if Vulnerable:
Check device chipset in Settings > About Phone > Hardware Information. If using affected Exynos chipset and security patch level is before March 2024, likely vulnerable.Check Version:
adb shell getprop ro.boot.hardware (for Exynos chips) and adb shell getprop ro.build.version.security_patchVerify Fix Applied:
Verify security patch level is March 2024 or later in Settings > About Phone > Software Information📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- Wi-Fi driver crashes
- Memory corruption errors in system logs
Network Indicators:
- Unusual Wi-Fi NAN configuration requests
- Malformed Wi-Fi packets targeting NAN features
SIEM Query:
Device logs showing 'slsi_nan' function errors or kernel oops with Wi-Fi driver references