Login Sign Up

CVE-2024-27382

6.0 MEDIUM

📋 TL;DR

This vulnerability in Samsung Exynos mobile processors allows attackers to read heap memory beyond allocated boundaries due to missing input validation in the slsi_send_action_frame() function. It affects devices using Exynos 980, 850, 1280, 1380, and 1330 chipsets. This could potentially expose sensitive information from device memory.

💻 Affected Systems

Products:
  • Samsung Mobile Processor Exynos 980
  • Samsung Mobile Processor Exynos 850
  • Samsung Mobile Processor Exynos 1280
  • Samsung Mobile Processor Exynos 1380
  • Samsung Mobile Processor Exynos 1330
Versions: All versions prior to security patches
Operating Systems: Android-based systems using affected Exynos chipsets
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices using these specific Exynos processors. The vulnerability is in the chipset firmware/driver layer.

📦 What is this software?

Exynos 1280 Firmware by Samsung

View all CVEs affecting Exynos 1280 Firmware →

Exynos 1330 Firmware by Samsung

View all CVEs affecting Exynos 1330 Firmware →

Exynos 1380 Firmware by Samsung

View all CVEs affecting Exynos 1380 Firmware →

Exynos 850 Firmware by Samsung

View all CVEs affecting Exynos 850 Firmware →

Exynos 980 Firmware by Samsung

View all CVEs affecting Exynos 980 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Information disclosure of sensitive data from device memory, potentially including cryptographic keys, authentication tokens, or other protected information.

🟠

Likely Case

Limited information disclosure of adjacent heap memory, potentially exposing non-sensitive application data or causing application instability.

🟢

If Mitigated

No impact if proper input validation is implemented or if the vulnerable function is not accessible to attackers.

🌐 Internet-Facing: MEDIUM - Requires local access or ability to send crafted frames to the vulnerable function, which may be accessible via network interfaces.
🏢 Internal Only: MEDIUM - Local attackers or malicious apps could exploit this vulnerability to read heap memory.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to send crafted action frames to the vulnerable function, which typically requires local access or specific permissions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Samsung security updates for specific device models

Vendor Advisory: https://semiconductor.samsung.com/support/quality-support/product-security-updates/

Restart Required: Yes

Instructions:

1. Check for security updates from device manufacturer. 2. Apply available firmware updates. 3. Reboot device after update installation.

🔧 Temporary Workarounds

Restrict access to wireless interfaces

android

Limit which applications can access Wi-Fi/Bluetooth interfaces to reduce attack surface

🧯 If You Can't Patch

  • Isolate affected devices from untrusted networks
  • Implement application allowlisting to prevent unauthorized apps from accessing wireless interfaces

🔍 How to Verify

Check if Vulnerable:

Check device specifications for Exynos 980, 850, 1280, 1380, or 1330 processor and verify no security patches have been applied

Check Version:

adb shell getprop ro.build.fingerprint (for Android devices)

Verify Fix Applied:

Check device security patch level in Settings > About Phone > Software Information

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Driver crash reports
  • Memory access violation logs

Network Indicators:

  • Unusual action frame patterns
  • Malformed wireless packets

SIEM Query:

Search for kernel or driver crash events related to slsi_send_action_frame or wireless drivers

📊 Metadata

CVE ID: CVE-2024-27382
CVSS v3 Score: 6.0 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
CWE: CWE-125
Published: June 5, 2024
Last Updated: March 18, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-27382, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)