CVE-2023-37377

An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor (Exynos 980, Exynos 850, Exynos 2100, and Exynos W920). Improper handling of length parameter inconsistency can cause incorrect packet filtering.

CVSS v3 2.0 LOW

2.0^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 0.6 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://semiconductor.samsung.com/support/quality-support/product-security-updates/	Vendor Advisory
https://semiconductor.samsung.com/support/quality-support/product-security-updates/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:samsung:exynos_850_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_850:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:samsung:exynos_2100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_2100:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:samsung:exynos_w920_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_w920:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:11

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-08 03:15

Updated : 2024-11-21 08:11

NVD link : CVE-2023-37377

Mitre link : CVE-2023-37377

CVE.ORG link : CVE-2023-37377

JSON object : View

Products Affected

samsung

exynos_2100_firmware
exynos_980_firmware
exynos_980
exynos_2100
exynos_850_firmware
exynos_w920
exynos_850
exynos_w920_firmware

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2023-37377", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.0, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 0.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-09-08T03:15:08.643", "references": [{"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor (Exynos 980, Exynos 850, Exynos 2100, and Exynos W920). Improper handling of length parameter inconsistency can cause incorrect packet filtering."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en el Procesador M\u00f3vil Samsung Exynos y el Procesador Port\u00e1til (Exynos 980, Exynos 850, Exynos 2100 y Exynos W920). El manejo incorrecto de la incoherencia de los par\u00e1metros de longitud puede provocar un filtrado incorrecto de paquetes."}], "lastModified": "2024-11-21T08:11:36.750", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F18F62E-2012-442E-BE60-6E76325D1824"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0D8701B6-6989-44D1-873A-A1823BFD7CCC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:exynos_850_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1928760C-4FC4-45B0-84FF-C1105CD1DD2A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_850:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BB410A6D-642B-49AE-8B1C-EADA953A84DA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:exynos_2100_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89B88BFE-3C82-498C-8EC1-5784836DB1A1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_2100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9385885D-654A-496E-8029-7C6D9B077193"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:exynos_w920_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6ADED27-EDAF-4FB3-8CB2-AE5F59B93641"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_w920:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4BF79654-E5C6-4DFF-B33A-A78571CD300C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}

2.0 /10