CVE-2024-27378
📋 TL;DR
A heap over-read vulnerability exists in Samsung Exynos mobile processors due to missing input validation in the slsi_send_action_frame_cert() function. This allows attackers with local access to potentially read sensitive memory contents from affected devices. The vulnerability affects Samsung smartphones and tablets using Exynos 980, 850, 1280, 1380, and 1330 processors.
💻 Affected Systems
- Samsung smartphones and tablets with Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, Exynos 1330 processors
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Information disclosure of sensitive kernel memory contents, potentially including cryptographic keys, passwords, or other protected data, leading to complete device compromise.
Likely Case
Limited information disclosure of adjacent heap memory, potentially exposing some kernel data structures or application information.
If Mitigated
No impact if proper input validation is implemented or if the vulnerable function is not accessible to attackers.
🎯 Exploit Status
Exploitation requires local access and knowledge of heap layout. No public exploits are currently known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Samsung security updates for specific device models
Vendor Advisory: https://semiconductor.samsung.com/support/quality-support/product-security-updates/
Restart Required: Yes
Instructions:
1. Check for Samsung security updates in device settings. 2. Install the latest security patch. 3. Reboot the device after installation.
🔧 Temporary Workarounds
Disable vulnerable Wi-Fi functions
androidRestrict access to Wi-Fi certification/testing functions that trigger the vulnerable code path
🧯 If You Can't Patch
- Restrict physical access to devices and monitor for suspicious local activity
- Implement application sandboxing and privilege separation to limit impact
🔍 How to Verify
Check if Vulnerable:
Check device model and processor type in Settings > About phone, then verify if it uses affected Exynos chipsCheck Version:
adb shell getprop ro.build.version.security_patchVerify Fix Applied:
Check Android security patch level in Settings > About phone > Software information and ensure it's after the vulnerability disclosure date📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- Wi-Fi driver crash reports
- Memory access violation logs
Network Indicators:
- Unusual Wi-Fi certification frame activity
SIEM Query:
Search for kernel logs containing 'slsi_send_action_frame_cert' or Wi-Fi driver crash events