CVE-2024-50600
Published: 06 March 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2024-50600 is a vulnerability in Samsung Mobile Processor and Wearable Processor models Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, W920, W930, and W1000. It stems from a missing bounds check in the STOP_KEEP_ALIVE_OFFLOAD functionality of the Wi-Fi driver, which results in out-of-bounds access (CWE-125). The issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H): network-reachable, low attack complexity, no privileges or user interaction required, and high impact on availability only.
A remote attacker without privileges or user interaction can exploit this vulnerability by sending a malformed message to the target device through the Wi-Fi driver. Successful exploitation leads to out-of-bounds access, which disrupts availability by causing crashes or denial of service, though it does not compromise confidentiality or integrity.
Samsung publishes product security updates and mitigation guidance on its semiconductor support page at https://semiconductor.samsung.com/support/quality-support/product-security-updates/. Security practitioners should check this resource for patches applicable to the affected Exynos processors in Samsung mobile and wearable devices.
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability description explicitly details remote exploitation of a Wi-Fi driver flaw (out-of-bounds access) causing crashes and denial of service on the endpoint, directly mapping to Application or System Exploitation for Endpoint Denial of Service.