CVE-2024-27380

MEDIUM Year: 2024
CVSS v3 Score
6.0
Medium
Weakness Type
CWE-125
View all →

Vulnerability Description

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_set_delayed_wakeup_type(), there is no input validation check on a length of ioctl_args->args[i] coming from userspace, which can lead to a heap over-read.

Related Vulnerabilities

CVE-2016-5107

MEDIUM
CVSS:6.0(Medium)

The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds rea...

CWE-1252016

CVE-2018-5683

MEDIUM
CVSS:6.0(Medium)

The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.

CWE-1252018

CVE-2019-19927

MEDIUM
CVSS:6.0(Medium)

In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read acc...

CWE-1252019

CVE-2020-11293

MEDIUM
CVSS:6.0(Medium)

Out of bound read can happen in Widevine TA while copying data to buffer from user data due to lack of check of buffer length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, ...

CWE-1252020

CVE-2020-2741

MEDIUM
CVSS:6.0(Medium)

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily explo...

CWE-1252020

CVE-2020-2743

MEDIUM
CVSS:6.0(Medium)

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily explo...

CWE-1252020