CVE-2024-45184

6.2 MEDIUM

📋 TL;DR

This vulnerability is a heap buffer overflow in Samsung's USAT (USIM Application Toolkit) component affecting multiple Exynos chipsets used in mobile devices, wearables, and modems. A local attacker could trigger an out-of-bounds write and cause a denial of service. Affected devices include Samsung smartphones, wearables, and modems built on the listed Exynos processors.

💻 Affected Systems

Products:
  • Samsung Mobile Processor
  • Samsung Wearable Processor
  • Samsung Modems
Versions: All versions with affected chipsets
Operating Systems: Android-based systems using affected chipsets
Default Config Vulnerable: ⚠️ Yes
Notes: Affects chipsets: Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, Modem 5300

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device crash or persistent denial of service requiring a hardware reset, potentially leading to temporary device unavailability.

🟠 Likely Case

Local denial of service causing application crashes or temporary device instability.

🟢 If Mitigated

Minimal impact if patched; unpatched devices remain vulnerable to local denial of service attacks.

🌐 Internet-Facing: LOW (requires local access or proximity to device)
🏢 Internal Only: MEDIUM (local attackers or malicious apps could exploit)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access or malicious application installation; USAT component access needed

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Samsung security updates for specific device models

Vendor Advisory: https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-45184/

Restart Required: Yes

Instructions:

1. Check for security updates in device settings.
2. Install available updates.
3. Restart the device after installation.

🔧 Temporary Workarounds

Disable unnecessary USAT services (platform: Android)

Reduce the attack surface by disabling unused USAT-related services if possible.

🧯 If You Can't Patch

  • Restrict physical access to devices
  • Implement application allowlisting to prevent malicious app installation

🔍 How to Verify

Check if Vulnerable:

Check device chipset model in Settings > About phone > Hardware info

Check Version:

Not applicable via the command line on consumer devices; use the Settings menus above.

Verify Fix Applied:

Verify security patch level in Settings > About phone > Software information

📡 Detection & Monitoring

Log Indicators:

  • USAT service crashes
  • Kernel panic logs
  • Abnormal process termination

Network Indicators:

  • No network indicators for this local vulnerability

SIEM Query:

Not applicable for consumer devices
