Out-of-bounds write in usb driver prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability.
History

Wed, 13 Nov 2024 01:15:00 +0000

Type Values Removed Values Added
First Time appeared Samsung galaxy S24
Weaknesses CWE-787
CPEs cpe:2.3:h:samsung:galaxy_s24:-:*:*:*:*:*:*:*
Vendors & Products Samsung galaxy S24

Wed, 06 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Samsung
Samsung galaxy S24 Firmware
CPEs cpe:2.3:o:samsung:galaxy_s24_firmware:*:*:*:*:*:*:*:*
Vendors & Products Samsung
Samsung galaxy S24 Firmware
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 06 Nov 2024 02:45:00 +0000

Type Values Removed Values Added
Description Out-of-bounds write in usb driver prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability.
References
Metrics cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: SamsungMobile

Published: 2024-11-06T02:17:26.793Z

Updated: 2024-11-06T15:58:22.659Z

Reserved: 2024-10-15T05:26:08.659Z

Link: CVE-2024-49408

cve-icon Vulnrichment

Updated: 2024-11-06T15:57:58.543Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-06T03:15:06.157

Modified: 2024-11-13T00:51:31.050

Link: CVE-2024-49408

cve-icon Redhat

No data.