Cyber Posture

CVE-2024-46922

High

Published: 12 February 2025

Modified: 20 June 2025
KEV Added
Patch
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0075 (73.3rd percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Description

An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The absence of a null check leads to a Denial of Service at amdgpu_cs_parser_bos in the Xclipse Driver.

Security Summary

CVE-2024-46922 affects Samsung Mobile Processor Exynos 1480 and 2400 chips. It stems from a missing null pointer check in the amdgpu_cs_parser_bos function within the Xclipse Driver. The flaw is classified under CWE-476 (NULL Pointer Dereference), was publicly disclosed on February 12, 2025, and carries a CVSS v3.1 base score of 7.5 (High). The score is driven by the availability impact (A:H); the vector records no confidentiality or integrity impact.

Per the CVSS vector (AV:N/AC:L/PR:N/UI:N), the issue is exploitable over the network with low attack complexity and requires no privileges or user interaction. Successful exploitation crashes the affected driver component, producing a denial-of-service condition with high availability impact and no compromise of confidentiality or integrity.

Samsung has published details on this vulnerability through its product security updates portal at https://semiconductor.samsung.com/support/quality-support/product-security-updates/, where practitioners can find guidance on applicable patches or mitigations for affected Exynos-based devices.

Details

CWE(s)
CWE-476

Affected Products

samsung exynos 1480 firmware: all versions
samsung exynos 2400 firmware: all versions
