CVE-2024-49408

Out-of-bounds write in usb driver prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:samsung:galaxy_s24_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:samsung:galaxy_s24:-:*:*:*:*:*:*:*

History

13 Nov 2024, 00:51

Type Values Removed Values Added
CWE CWE-787
First Time Samsung
Samsung galaxy S24 Firmware
Samsung galaxy S24
References () https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=09 - () https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=09 - Vendor Advisory
CVSS v2 : unknown
v3 : 6.4
v2 : unknown
v3 : 6.7
CPE cpe:2.3:h:samsung:galaxy_s24:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:galaxy_s24_firmware:*:*:*:*:*:*:*:*

06 Nov 2024, 18:17

Type Values Removed Values Added
Summary
  • (es) La escritura fuera de los límites en el controlador USB anterior a la actualización de firmware de septiembre de 2024 en Galaxy S24 permite a los atacantes locales escribir en la memoria fuera de los límites. Se requiere privilegio del sistema para activar esta vulnerabilidad.

06 Nov 2024, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-06 03:15

Updated : 2024-11-13 00:51


NVD link : CVE-2024-49408

Mitre link : CVE-2024-49408

CVE.ORG link : CVE-2024-49408


JSON object : View

Products Affected

samsung

  • galaxy_s24
  • galaxy_s24_firmware
CWE
CWE-787

Out-of-bounds Write