CVE-2023-40218

An issue was discovered in the NPU kernel driver in Samsung Exynos Mobile Processor 9820, 980, 2100, 2200, 1280, and 1380. An integer overflow can bypass detection of error cases via a crafted application.

CVSS v3 2.0 LOW

2.0^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.6 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://semiconductor.samsung.com/support/quality-support/product-security-updates/	Vendor Advisory
https://semiconductor.samsung.com/support/quality-support/product-security-updates/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:samsung:exynos_9820_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_9820:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:samsung:exynos_2100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_2100:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:samsung:exynos_2200_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_2200:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:samsung:exynos_1280_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_1280:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:samsung:exynos_1380_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_1380:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:19

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-12 15:15

Updated : 2024-11-21 08:19

NVD link : CVE-2023-40218

Mitre link : CVE-2023-40218

CVE.ORG link : CVE-2023-40218

JSON object : View

Products Affected

samsung

exynos_2100_firmware
exynos_1380
exynos_1280
exynos_1380_firmware
exynos_980_firmware
exynos_980
exynos_2100
exynos_1280_firmware
exynos_9820
exynos_2200_firmware
exynos_9820_firmware
exynos_2200

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2023-40218", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.0, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 0.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2023-09-12T15:15:23.767", "references": [{"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the NPU kernel driver in Samsung Exynos Mobile Processor 9820, 980, 2100, 2200, 1280, and 1380. An integer overflow can bypass detection of error cases via a crafted application."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en el controlador del kernel NPU en los procesadores m\u00f3viles Samsung Exynos 9820, 980, 2100, 2200, 1280 y 1380. Un Desbordamiento de Enteros puede evitar la detecci\u00f3n de casos de error a trav\u00e9s de una aplicaci\u00f3n manipulada."}], "lastModified": "2024-11-21T08:19:01.470", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:exynos_9820_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E582F31-BCC1-4276-BC34-A38EDCC4BB01"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_9820:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1B8C35DE-1C58-4C6E-BB15-0E3C2FECB8DA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F18F62E-2012-442E-BE60-6E76325D1824"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0D8701B6-6989-44D1-873A-A1823BFD7CCC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:exynos_2100_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89B88BFE-3C82-498C-8EC1-5784836DB1A1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_2100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9385885D-654A-496E-8029-7C6D9B077193"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:exynos_2200_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63C0D9AC-BD23-48C9-83E7-301DEC06E583"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_2200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A72ADEBB-ED72-4A5B-BB27-95EDE43F8116"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:exynos_1280_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD1A7B09-9031-4E54-A24F-3237C054166B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_1280:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DFC68046-2F08-40D1-B158-89D8D9263541"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:exynos_1380_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D381478B-C638-4663-BD71-144BE4B02E46"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_1380:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "61E72146-72FE-4B54-AB79-3C665E7F016C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}