CVE-2024-27386

A vulnerability was discovered in the slsi_handle_nan_rx_event_log_ind function in Samsung Mobile Processor Exynos 1380 and Exynos 1480 related to no input validation check on tag_len for tx coming from userspace, which can lead to heap overwrite.

CVSS

No CVSS.

References

Link	Resource
https://semiconductor.samsung.com/support/quality-support/product-security-updates/	Vendor Advisory
https://semiconductor.samsung.com/support/quality-support/product-security-updates/	Vendor Advisory
https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-27386/	Vendor Advisory
https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-27386/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:samsung:exynos_1380_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_1380:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:samsung:exynos_1480_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_1480:-:*:*:*:*:*:*:*

History

26 Jun 2025, 20:46

Type	Values Removed	Values Added
First Time		Samsung exynos 1480 Samsung exynos 1380 Samsung exynos 1480 Firmware Samsung exynos 1380 Firmware Samsung
CPE		cpe:2.3:h:samsung:exynos_1380:-:::::::* cpe:2.3:h:samsung:exynos_1480:-:::::::* cpe:2.3:o:samsung:exynos_1480_firmware:-:::::::* cpe:2.3:o:samsung:exynos_1380_firmware:-:::::::*
References	~~() https://semiconductor.samsung.com/support/quality-support/product-security-updates/ -~~	() https://semiconductor.samsung.com/support/quality-support/product-security-updates/ - Vendor Advisory
References	~~() https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-27386/ -~~	() https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-27386/ - Vendor Advisory

09 Jul 2024, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-09 21:15

Updated : 2025-06-26 20:46

NVD link : CVE-2024-27386

Mitre link : CVE-2024-27386

JSON object : View

Products Affected

samsung

exynos_1380_firmware
exynos_1480_firmware
exynos_1480
exynos_1380

CWE

No CWE.

JSON object

Attach tags to CVE-2024-27386

Attach tags to `CVE-2024-27386`