CVE-2024-46923

High

Published: 12 February 2025

Published

12 February 2025

Modified

20 June 2025

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0050 65.8th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. The absence of a null check leads to a Denial of Service at amdgpu_cs_ib_fill in the Xclipse Driver.

Security Summary

CVE-2024-46923 is a vulnerability affecting the Xclipse Driver in Samsung Mobile Processors Exynos 2200, 1480, and 2400. The issue stems from the absence of a null check in the amdgpu_cs_ib_fill function, which can trigger a Denial of Service condition. It has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is associated with CWE-400 (Uncontrolled Resource Consumption).

The vulnerability is exploitable remotely over the network by unauthenticated attackers with low attack complexity and no user interaction required. Successful exploitation results in a high-impact denial of service, disrupting system availability without compromising confidentiality or integrity.

Samsung's product security updates, available at https://semiconductor.samsung.com/support/quality-support/product-security-updates/, provide details on patches and mitigation measures for affected Exynos processors.

Details

CWE(s): CWE-400

Affected Products

samsung

exynos 2200 firmware

all versions

samsung

exynos 1480 firmware

all versions

samsung

exynos 2400 firmware

all versions

References

https://semiconductor.samsung.com/support/quality-support/product-security-updates/
Vendor Advisory · cve@mitre.org