Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-31957

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-09 Jul, 2024 | 00:00
Updated At-25 Mar, 2025 | 16:49
Rejected At-
Credits

A vulnerability was discovered in Samsung Mobile Processors Exynos 2200 and Exynos 2400 where they lack a check for the validation of native handles, which can result in a DoS(Denial of Service) attack by unmapping an invalid length.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:09 Jul, 2024 | 00:00
Updated At:25 Mar, 2025 | 16:49
Rejected At:
▼CVE Numbering Authority (CNA)

A vulnerability was discovered in Samsung Mobile Processors Exynos 2200 and Exynos 2400 where they lack a check for the validation of native handles, which can result in a DoS(Denial of Service) attack by unmapping an invalid length.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
3.16.2MEDIUM
CVSS:3.1/AC:L/AV:L/A:H/C:N/I:N/PR:N/S:U/UI:N
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AC:L/AV:L/A:H/C:N/I:N/PR:N/S:U/UI:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://semiconductor.samsung.com/support/quality-support/product-security-updates/
N/A
https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-31957/
N/A
Hyperlink: https://semiconductor.samsung.com/support/quality-support/product-security-updates/
Resource: N/A
Hyperlink: https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-31957/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-1284CWE-1284 Improper Validation of Specified Quantity in Input
Type: CWE
CWE ID: CWE-1284
Description: CWE-1284 Improper Validation of Specified Quantity in Input
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://semiconductor.samsung.com/support/quality-support/product-security-updates/
x_transferred
https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-31957/
x_transferred
Hyperlink: https://semiconductor.samsung.com/support/quality-support/product-security-updates/
Resource:
x_transferred
Hyperlink: https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-31957/
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:09 Jul, 2024 | 18:15
Updated At:25 Mar, 2025 | 17:15

A vulnerability was discovered in Samsung Mobile Processors Exynos 2200 and Exynos 2400 where they lack a check for the validation of native handles, which can result in a DoS(Denial of Service) attack by unmapping an invalid length.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Samsung
samsung
>>exynos_2200_firmware>>-
cpe:2.3:o:samsung:exynos_2200_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_2200>>-
cpe:2.3:h:samsung:exynos_2200:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_2400_firmware>>-
cpe:2.3:o:samsung:exynos_2400_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_2400>>-
cpe:2.3:h:samsung:exynos_2400:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-1284Primarynvd@nist.gov
CWE-1284Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-1284
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-1284
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve@mitre.org
Vendor Advisory
https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-31957/cve@mitre.org
Vendor Advisory
https://semiconductor.samsung.com/support/quality-support/product-security-updates/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-31957/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://semiconductor.samsung.com/support/quality-support/product-security-updates/
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-31957/
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://semiconductor.samsung.com/support/quality-support/product-security-updates/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-31957/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

141Records found
CVE-2024-27360
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.19% / 40.95%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 00:00
Updated-27 Aug, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was discovered in Samsung Mobile Processors Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, and Exynos W930 where they do not properly check length of the data, which can lead to a Denial of Service.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_w930_firmwareexynos_1280exynos_850exynos_1380exynos_1080exynos_2200exynos_850_firmwareexynos_1330exynos_1080_firmwareexynos_2100_firmwareexynos_1330_firmwareexynos_2100exynos_1280_firmwareexynos_1380_firmwareexynos_w930exynos_2200_firmwaren/a
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2022-40761
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.82% / 74.49%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 21:35
Updated-03 Aug, 2024 | 12:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_AllocateOperation with a disturbed heap layout, related to utee_cryp_obj_alloc.

Action-Not Available
Vendor-n/aSamsung
Product-mtowern/a
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2022-40280
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 63.20%
||
7 Day CHG~0.00%
Published-08 Sep, 2022 | 21:06
Updated-03 Aug, 2024 | 12:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_close after sqlite3_open_v2, leading to a denial of service.

Action-Not Available
Vendor-n/aSamsung
Product-tizenrtn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2022-39828
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 63.20%
||
7 Day CHG~0.00%
Published-05 Sep, 2022 | 03:43
Updated-03 Aug, 2024 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, leading to a denial of service.

Action-Not Available
Vendor-n/aSamsung
Product-mtowern/a
CVE-2022-39829
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 63.24%
||
7 Day CHG~0.00%
Published-05 Sep, 2022 | 03:43
Updated-03 Aug, 2024 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new.

Action-Not Available
Vendor-n/aSamsung
Product-mtowern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-39830
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 63.20%
||
7 Day CHG~0.00%
Published-05 Sep, 2022 | 03:43
Updated-03 Aug, 2024 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service.

Action-Not Available
Vendor-n/aSamsung
Product-mtowern/a
CVE-2022-38155
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.26%
||
7 Day CHG~0.00%
Published-11 Aug, 2022 | 00:52
Updated-03 Aug, 2024 | 10:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large len value, as demonstrated by a Numaker-PFM-M2351 TEE kernel crash.

Action-Not Available
Vendor-n/aSamsung
Product-mtowern/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-22288
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.34%
||
7 Day CHG~0.00%
Published-07 Jan, 2022 | 22:39
Updated-03 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galaxy_storeGalaxy Store
CWE ID-CWE-285
Improper Authorization
CVE-2024-55568
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 28.83%
||
7 Day CHG~0.00%
Published-20 Oct, 2025 | 00:00
Updated-04 Nov, 2025 | 13:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The absence of a NULL check leads to a Denial of Service when an attacker sends malformed MM packets to the target.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1330exynos_1080_firmwareexynos_modem_5300exynos_9110exynos_850_firmwareexynos_2100_firmwareexynos_2400_firmwareexynos_w930exynos_modem_5300_firmwareexynos_w920exynos_990exynos_9110_firmwareexynos_850exynos_modem_5123_firmwareexynos_1380_firmwareexynos_2100exynos_1480_firmwareexynos_1480exynos_modem_5400exynos_modem_5123exynos_w920_firmwareexynos_2400exynos_2200_firmwareexynos_980_firmwareexynos_980exynos_1080exynos_w1000_firmwareexynos_modem_5400_firmwareexynos_1380exynos_1280exynos_1280_firmwareexynos_990_firmwareexynos_w1000exynos_2200exynos_1330_firmwareexynos_w930_firmwaren/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2017-18675
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.45%
||
7 Day CHG~0.00%
Published-07 Apr, 2020 | 14:37
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) (Exynos7420 or Exynox8890 chipsets) software. The Camera application can leak uninitialized memory via ion. The Samsung ID is SVE-2016-6989 (April 2017).

Action-Not Available
Vendor-n/aGoogle LLCSamsung
Product-androidexynox_8890exynos_7420n/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2024-49196
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.42% / 61.86%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 00:00
Updated-20 Jun, 2025 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the GPU in Samsung Mobile Processor Exynos 1480 and 2400. Type confusion leads to a Denial of Service.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1480exynos_2400_firmwareexynos_1480_firmwareexynos_2400n/a
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-52924
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.19% / 39.99%
||
7 Day CHG~0.00%
Published-06 Mar, 2025 | 00:00
Updated-01 Jul, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in NRMM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Lack of boundary check during the decoding of Registration Accept messages can lead to out-of-bounds writes on the stack

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1380_firmwareexynos_1480_firmwareexynos_modem_5400exynos_9825_firmwareexynos_modem_5123_firmwareexynos_2200exynos_w920_firmwareexynos_2400exynos_modem_5300exynos_1330_firmwareexynos_990exynos_850_firmwareexynos_w930_firmwareexynos_980exynos_1280exynos_990_firmwareexynos_9110_firmwareexynos_1080_firmwareexynos_9820exynos_w1000_firmwareexynos_1380exynos_9110exynos_9825exynos_2400_firmwareexynos_850exynos_1080exynos_w930exynos_2100exynos_1280_firmwareexynos_9820_firmwareexynos_1330exynos_980_firmwareexynos_2200_firmwareexynos_modem_5123exynos_w920exynos_modem_5400_firmwareexynos_2100_firmwareexynos_1480exynos_modem_5300_firmwareexynos_w1000n/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-50600
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.19% / 39.99%
||
7 Day CHG~0.00%
Published-06 Mar, 2025 | 00:00
Updated-01 Jul, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, W920, W930, and W1000. Lack of a boundary check in STOP_KEEP_ALIVE_OFFLOAD leads to out-of-bounds access. An attacker can send a malformed message to the target through the Wi-Fi driver.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1380exynos_1380_firmwareexynos_1480_firmwareexynos_1480exynos_850exynos_1080exynos_w930exynos_1280_firmwareexynos_w920_firmwareexynos_1330exynos_980_firmwareexynos_1330_firmwareexynos_850_firmwareexynos_w930_firmwareexynos_980exynos_1280exynos_w920exynos_w1000_firmwareexynos_1080_firmwareexynos_w1000n/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-36621
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 65.15%
||
7 Day CHG~0.00%
Published-01 Sep, 2022 | 20:04
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_AllocateTransientObject.

Action-Not Available
Vendor-n/aSamsung
Product-mtowern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-46923
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.50% / 65.83%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 00:00
Updated-20 Jun, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. The absence of a null check leads to a Denial of Service at amdgpu_cs_ib_fill in the Xclipse Driver.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1480exynos_2400exynos_1480_firmwareexynos_2200exynos_2200_firmwareexynos_2400_firmwaren/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-46922
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.75% / 73.30%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 00:00
Updated-20 Jun, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The absence of a null check leads to a Denial of Service at amdgpu_cs_parser_bos in the Xclipse Driver.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1480exynos_2400_firmwareexynos_1480_firmwareexynos_2400n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2012-3806
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.37% / 85.04%
||
7 Day CHG~0.00%
Published-09 Jan, 2020 | 21:34
Updated-06 Aug, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Samsung Kies before 2.5.0.12094_27_11 contains a NULL pointer dereference vulnerability which could allow remote attackers to perform a denial of service.

Action-Not Available
Vendor-n/aSamsung
Product-kiesn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-45184
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.10% / 26.26%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 00:00
Updated-17 Jun, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with chipset Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, and Modem 5300. A USAT out-of-bounds write due to a heap buffer overflow can lead to a Denial of Service.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_990_firmwareexynos_1480exynos_2400_firmwareexynos_2100_firmwareexynos_1280exynos_9825_firmwareexynos_1380_firmwareexynos_w920exynos_980_firmwareexynos_1080exynos_1330_firmwareexynos_9825exynos_1280_firmwareexynos_1380exynos_w920_firmwareexynos_modem_5123exynos_2400exynos_980exynos_9820_firmwareexynos_850exynos_9820exynos_9110_firmwareexynos_modem_5300_firmwareexynos_1080_firmwareexynos_2200_firmwareexynos_990exynos_2100exynos_w930_firmwareexynos_modem_5123_firmwareexynos_modem_5300exynos_w930exynos_850_firmwareexynos_1330exynos_9110exynos_1480_firmwareexynos_2200n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-42482
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.08% / 22.50%
||
7 Day CHG~0.00%
Published-21 Sep, 2023 | 00:00
Updated-24 Sep, 2024 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Samsung Mobile Processor Exynos 2200 allows a GPU Use After Free.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_2200exynos_2200_firmwaren/aexynos_2200
CWE ID-CWE-416
Use After Free
CVE-2023-42531
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 5.77%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 07:49
Updated-12 Jun, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release1 allows local attackers to bypass restrictions on starting activities from the background.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-287
Improper Authentication
CVE-2023-41111
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.32% / 54.81%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 00:00
Updated-17 Sep, 2024 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). Improper handling of a length parameter inconsistency can cause abnormal termination of a mobile phone. This occurs in the RLC task and RLC module.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1380exynos_850_firmwareexynos_9820_firmwareexynos_980_firmwareexynos_1330exynos_auto_t5123exynos_9610exynos_1330_firmwareexynos_9810_firmwareexynos_2100exynos_9110exynos_980exynos_modem_5300_firmwareexynos_2200_firmwareexynos_9820exynos_modem_5123_firmwareexynos_9810exynos_9110_firmwareexynos_1280exynos_850exynos_1080exynos_2200exynos_w920_firmwareexynos_w920exynos_auto_t5123_firmwareexynos_1080_firmwareexynos_2100_firmwareexynos_1280_firmwareexynos_modem_5300exynos_1380_firmwareexynos_9610_firmwareexynos_modem_5123n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-37377
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2||LOW
EPSS-0.04% / 11.03%
||
7 Day CHG~0.00%
Published-08 Sep, 2023 | 00:00
Updated-26 Sep, 2024 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor (Exynos 980, Exynos 850, Exynos 2100, and Exynos W920). Improper handling of length parameter inconsistency can cause incorrect packet filtering.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_2100_firmwareexynos_850exynos_2100exynos_w920exynos_850_firmwareexynos_980exynos_980_firmwareexynos_w920_firmwaren/amobile_processor_wearable_processor
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-56426
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 20.67%
||
7 Day CHG~0.00%
Published-04 Nov, 2025 | 00:00
Updated-07 Nov, 2025 | 12:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000. The lack of a length check leads to out-of-bounds writes via malformed USB packets to the target.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1480exynos_1380_firmwareexynos_1080exynos_2200_firmwareexynos_1280_firmwareexynos_980_firmwareexynos_w1000exynos_w930exynos_990exynos_1330exynos_2400exynos_2100exynos_w920_firmwareexynos_850exynos_1080_firmwareexynos_1280exynos_850_firmwareexynos_2200exynos_990_firmwareexynos_w920exynos_1380exynos_w930_firmwareexynos_w1000_firmwareexynos_2400_firmwareexynos_1330_firmwareexynos_980exynos_1480_firmwareexynos_2100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-66363
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.24%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 00:00
Updated-04 Mar, 2026 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for memory initialization within DL NAS Transport messages.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_2200_firmwareexynos_2200n/a
CWE ID-CWE-665
Improper Initialization
CVE-2024-55569
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.42% / 61.86%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 00:00
Updated-01 Jul, 2025 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-of-bounds writes.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1380_firmwareexynos_1480_firmwareexynos_modem_5123_firmwareexynos_2200exynos_w920_firmwareexynos_2400exynos_modem_5300exynos_1330_firmwareexynos_990exynos_850_firmwareexynos_w930_firmwareexynos_980exynos_1280exynos_990_firmwareexynos_9110_firmwareexynos_1080_firmwareexynos_w1000_firmwareexynos_1380exynos_9110exynos_2400_firmwareexynos_850exynos_1080exynos_w930exynos_2100exynos_1280_firmwareexynos_1330exynos_980_firmwareexynos_2200_firmwareexynos_modem_5123exynos_w920exynos_2100_firmwareexynos_1480exynos_modem_5300_firmwareexynos_w1000n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-34608
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 3.57%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:29
Updated-12 Aug, 2024 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in PaymentManagerService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CVE-2024-34604
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 3.57%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:29
Updated-12 Aug, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in LedCoverService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CVE-2024-34637
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 1.08%
||
7 Day CHG~0.00%
Published-04 Sep, 2024 | 05:32
Updated-05 Sep, 2024 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and SMR Jun-2024 Release 1 in Android 13 and Android 14 allows local attackers to bypass restrictions on starting services from the background.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CVE-2024-34605
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 3.57%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:29
Updated-12 Aug, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in SamsungHealthService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CVE-2023-30675
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 12.64%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 02:51
Updated-24 Oct, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in Samsung Pass prior to version 4.2.03.1 allows local attacker to access stored account information when Samsung Wallet is not installed.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-passSamsung Pass
CWE ID-CWE-287
Improper Authentication
CVE-2024-34606
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 3.57%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:29
Updated-12 Aug, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in SmartThingsService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CVE-2024-34607
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 3.57%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:29
Updated-12 Aug, 2024 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in SamsungNotesService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CVE-2025-62814
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.23%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 00:00
Updated-04 Mar, 2026 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference of ft_handle in load_fw_utc_vector() causes a denial of service.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1280exynos_2200exynos_2400_firmwareexynos_1380_firmwareexynos_1480_firmwareexynos_2200_firmwareexynos_1380exynos_1280_firmwareexynos_2400exynos_1480n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-62817
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.92%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 00:00
Updated-10 Mar, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of session->ncp_hdr_buf in __pilot_parsing_ncp() causes a denial of service.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1380_firmwareexynos_1580_firmwareexynos_2200_firmwareexynos_2200exynos_1280_firmwareexynos_2500_firmwareexynos_1480_firmwareexynos_1280exynos_1580exynos_1380exynos_1480exynos_2400_firmwareexynos_2500exynos_2400n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-29091
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.56% / 68.35%
||
7 Day CHG~0.00%
Published-14 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP URI.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_auto_t5123exynos_5300exynos_1080exynos_1080_firmwareexynos_5123exynos_980exynos_5300_firmwareexynos_5123_firmwareexynos_9110exynos_auto_t5123_firmwareexynos_980_firmwareexynos_9110_firmwaren/a
CWE ID-CWE-1173
Improper Use of Validation Framework
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-59439
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 5.88%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 00:00
Updated-05 Feb, 2026 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor, Wearable Processor and Modem Exynos 980, 990, 850, 1080, 9110, W920, W930, W1000 and Modem 5123. Incorrect handling of NAS Registration messages leads to a Denial of Service because of Improper Handling of Exceptional Conditions.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_w1000exynos_980_firmwareexynos_w920_firmwareexynos_1080_firmwareexynos_990_firmwareexynos_modem_5123_firmwareexynos_980exynos_w930exynos_850_firmwareexynos_w920exynos_w930_firmwareexynos_9110_firmwareexynos_850exynos_9110exynos_w1000_firmwareexynos_modem_5123exynos_990exynos_1080n/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-58341
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 0.51%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 00:00
Updated-05 Feb, 2026 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/ap_cert_disable_ht_vht write operation, leading to kernel memory exhaustion.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_w1000exynos_980_firmwareexynos_w920_firmwareexynos_1330_firmwareexynos_1380_firmwareexynos_1580_firmwareexynos_1480exynos_1480_firmwareexynos_1080_firmwareexynos_1280_firmwareexynos_1280exynos_1330exynos_980exynos_w930exynos_850_firmwareexynos_w920exynos_w930_firmwareexynos_850exynos_w1000_firmwareexynos_1580exynos_1080exynos_1380n/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-58340
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 0.51%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 00:00
Updated-05 Feb, 2026 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/send_delts write operation, leading to kernel memory exhaustion.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_w1000exynos_980_firmwareexynos_w920_firmwareexynos_1330_firmwareexynos_1380_firmwareexynos_1580_firmwareexynos_1480exynos_1480_firmwareexynos_1080_firmwareexynos_1280_firmwareexynos_1280exynos_1330exynos_980exynos_w930exynos_850_firmwareexynos_w920exynos_w930_firmwareexynos_850exynos_w1000_firmwareexynos_1580exynos_1080exynos_1380n/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-58342
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 0.51%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 00:00
Updated-05 Feb, 2026 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/uapsd write operation, leading to kernel memory exhaustion.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_w1000exynos_980_firmwareexynos_w920_firmwareexynos_1330_firmwareexynos_1380_firmwareexynos_1580_firmwareexynos_1480exynos_1480_firmwareexynos_1080_firmwareexynos_1280_firmwareexynos_1280exynos_1330exynos_980exynos_w930exynos_850_firmwareexynos_w920exynos_w930_firmwareexynos_850exynos_w1000_firmwareexynos_1580exynos_1080exynos_1380n/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-57835
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 33.74%
||
7 Day CHG~0.00%
Published-06 Apr, 2026 | 00:00
Updated-07 Apr, 2026 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Improper memory initialization results in an illegal memory access, causing a system crash via a malformed RRCReconfiguration message.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_2400exynos_1330exynos_980_firmwareexynos_2500_firmwareexynos_2200exynos_1080exynos_1480_firmwareexynos_9110exynos_850exynos_w920exynos_modem_5300_firmwareexynos_1280_firmwareexynos_modem_5400_firmwareexynos_w920_firmwareexynos_850_firmwareexynos_modem_5123exynos_2400_firmwareexynos_1380_firmwareexynos_990exynos_modem_5123_firmwareexynos_990_firmwareexynos_w1000_firmwareexynos_2200_firmwareexynos_w930_firmwareexynos_w930exynos_1330_firmwareexynos_2500exynos_w1000exynos_1080_firmwareexynos_1280exynos_980exynos_9110_firmwareexynos_modem_5400exynos_2100exynos_1580_firmwareexynos_2100_firmwareexynos_modem_5300exynos_1580exynos_1380exynos_1480n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2025-57834
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 30.64%
||
7 Day CHG~0.00%
Published-06 Apr, 2026 | 00:00
Updated-07 Apr, 2026 | 17:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem (Exynos 980, 850, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 1680, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400, and Modem 5410). The absence of proper input validation leads to a Denial of Service.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_2400exynos_1330exynos_980_firmwareexynos_2500_firmwareexynos_2200exynos_1080exynos_modem_5410_firmwareexynos_1480_firmwareexynos_9110exynos_850exynos_w920exynos_modem_5300_firmwareexynos_1280_firmwareexynos_modem_5410exynos_modem_5400_firmwareexynos_w920_firmwareexynos_1680exynos_850_firmwareexynos_modem_5123exynos_2400_firmwareexynos_1380_firmwareexynos_990exynos_modem_5123_firmwareexynos_990_firmwareexynos_w1000_firmwareexynos_2200_firmwareexynos_w930_firmwareexynos_w930exynos_1330_firmwareexynos_2500exynos_1680_firmwareexynos_w1000exynos_1080_firmwareexynos_1280exynos_980exynos_9110_firmwareexynos_modem_5400exynos_2100exynos_1580_firmwareexynos_2100_firmwareexynos_modem_5300exynos_1580exynos_1380exynos_1480n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2025-58344
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 0.51%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 00:00
Updated-05 Feb, 2026 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation in a /proc/driver/unifi0/conn_log_event_burst_to_us write operation, leading to kernel memory exhaustion.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_w1000exynos_980_firmwareexynos_w920_firmwareexynos_1330_firmwareexynos_1380_firmwareexynos_1580_firmwareexynos_1480exynos_1480_firmwareexynos_1080_firmwareexynos_1280_firmwareexynos_1280exynos_1330exynos_980exynos_w930exynos_850_firmwareexynos_w920exynos_w930_firmwareexynos_850exynos_w1000_firmwareexynos_1580exynos_1080exynos_1380n/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-29089
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.64% / 70.67%
||
7 Day CHG~0.00%
Published-14 Apr, 2023 | 00:00
Updated-07 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding SIP multipart messages.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_980exynos_auto_t5123exynos_9110_firmwareexynos_1080exynos_5123_firmwareexynos_auto_t5123_firmwareexynos_9110exynos_980_firmwareexynos_5300exynos_1080_firmwareexynos_5300_firmwareexynos_5123n/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-29090
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.56% / 68.35%
||
7 Day CHG~0.00%
Published-14 Apr, 2023 | 00:00
Updated-07 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Via header.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_980exynos_auto_t5123exynos_9110_firmwareexynos_1080exynos_5123_firmwareexynos_auto_t5123_firmwareexynos_9110exynos_980_firmwareexynos_5300exynos_1080_firmwareexynos_5300_firmwareexynos_5123n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-29087
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.59% / 69.24%
||
7 Day CHG~0.00%
Published-14 Apr, 2023 | 00:00
Updated-07 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Retry-After header.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_980exynos_auto_t5123exynos_9110_firmwareexynos_1080exynos_5123_firmwareexynos_auto_t5123_firmwareexynos_9110exynos_980_firmwareexynos_5300exynos_1080_firmwareexynos_5300_firmwareexynos_5123n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-29088
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.64% / 70.67%
||
7 Day CHG~0.00%
Published-14 Apr, 2023 | 00:00
Updated-07 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Session-Expires header.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_980exynos_auto_t5123exynos_9110_firmwareexynos_1080exynos_5123_firmwareexynos_auto_t5123_firmwareexynos_9110exynos_980_firmwareexynos_5300exynos_1080_firmwareexynos_5300_firmwareexynos_5123n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-29085
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.86% / 75.06%
||
7 Day CHG~0.00%
Published-14 Apr, 2023 | 00:00
Updated-07 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP status line.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_980exynos_auto_t5123exynos_9110_firmwareexynos_1080exynos_5123_firmwareexynos_auto_t5123_firmwareexynos_9110exynos_980_firmwareexynos_5300exynos_1080_firmwareexynos_5300_firmwareexynos_5123n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-29086
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.59% / 69.24%
||
7 Day CHG~0.00%
Published-14 Apr, 2023 | 00:00
Updated-07 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Min-SE header.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_980exynos_auto_t5123exynos_9110_firmwareexynos_1080exynos_5123_firmwareexynos_auto_t5123_firmwareexynos_9110exynos_980_firmwareexynos_5300exynos_1080_firmwareexynos_5300_firmwareexynos_5123n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20872
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.09% / 25.03%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 04:29
Updated-07 Jan, 2026 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper handling of insufficient privileges vulnerability in TalkbackSE prior to version Android 14 allows local attackers to modify setting value of TalkbackSE.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidTalkbackSEtalkbackse
CVE-2023-24033
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.75% / 82.66%
||
7 Day CHG~0.00%
Published-13 Mar, 2023 | 00:00
Updated-03 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format types specified by the Session Description Protocol (SDP) module, which can lead to a denial of service.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_modem_5123_firmwareexynos_modem_5123exynos_980_firmwareexynos_auto_t5123_firmwareexynos_modem_5300exynos_modem_5300_firmwareexynos_1080exynos_auto_t5123exynos_1080_firmwareexynos_980n/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found