CVSS: 7.5EPSS: 0%CPEs: 32EXPL: 0CVE-2023-37368
https://notcve.org/view.php?id=CVE-2023-37368
An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123). In the Shannon MM Task, Missing validation of a NULL pointer can cause abnormal termination via a malformed NR MM packet. Se descubrió un problema en el Procesador Móvil, el Procesador Automotive y el Módem Exynos de Samsung (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300, y Exynos Auto T5123). En la tarea MM de Shannon, la falta de validación de un puntero NULL puede provocar una terminación anormal a través de un paquete NR MM con formato malformado. • https://semiconductor.samsung.com/support/quality-support/product-security-updates • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2023-36481
https://notcve.org/view.php?id=CVE-2023-36481
An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, and W920. Improper handling of PPP length parameter inconsistency can cause an infinite loop. • https://semiconductor.samsung.com/support/quality-support/product-security-updates • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 50EXPL: 0CVE-2023-21459
https://notcve.org/view.php?id=CVE-2023-21459
Use after free vulnerability in decon driver prior to SMR Mar-2023 Release 1 allows attackers to cause memory access fault. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=03 • CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2022-27834
https://notcve.org/view.php?id=CVE-2022-27834
Use after free vulnerability in dsp_context_unload_graph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform malicious actions. La vulnerabilidad de Uso de memoria previamente liberada en la función dsp_context_unload_graph del controlador DSP versiones anteriores a SMR Apr-2022 Release 1, permite a atacantes llevar a cabo acciones maliciosas • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=4 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-27833
https://notcve.org/view.php?id=CVE-2022-27833
Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write by integer overflow. Una comprobación de entrada inapropiada en el controlador DSP versiones anteriores a SMR Apr-2022 Release 1, permite una escritura fuera de límites por desbordamiento de enteros • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=4 • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound •