CVE-2024-27372

Vulnerability

The function slsi_nan_config_get_nl_params() in the Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330 lacks input validation on disc_attr->infrastructure_ssid_len coming from userspace. This missing check leads to a heap overwrite vulnerability. The affected versions are those that include these specific SoC models.

Exploitation

An attacker must be able to send a crafted NAN (Neighbor Awareness Networking) configuration Netlink message to the kernel driver. No special privileges beyond access to the Netlink socket are required; the attacker needs to control the infrastructure_ssid_len field to cause a heap buffer overflow.

Impact

Successful exploitation allows an attacker to perform a heap overwrite, potentially leading to arbitrary write on the kernel heap. This can result in denial of service or escalation of privileges, possibly allowing full compromise of the device [1].

Mitigation

Samsung has released security updates to address this vulnerability. Users are advised to apply the latest firmware updates from Samsung for the affected Exynos models. The fixed versions are listed in Samsung's Product Security Update portal [1]. No workarounds are available; installing the patch is the recommended mitigation.