CVE-2024-20844

Description

Out-of-bounds write vulnerability while parsing remaining codewords in libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Samsung Mobile / Samsung Mobile DevicesSMR Apr-2024 Release in Android 12 – SMR Apr-2024 Release in Android 12

References

MISChttps://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=04