CVE-2023-40353 — LOW (2.0) — White Hats Nepal

Vulnerability Description

An issue was discovered in Exynos Mobile Processor 980 and 2100. An integer overflow at a buffer index can prevent the execution of requested services via a crafted application.

CVSS Score

2.0

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Samsung	Exynos 980 Firmware	-
Samsung	Exynos 980	-
Samsung	Exynos 2100 Firmware	-
Samsung	Exynos 2100	-

Related Weaknesses (CWE)

CWE-190

References

https://semiconductor.samsung.com/support/quality-support/product-security-updatVendor Advisory
https://semiconductor.samsung.com/support/quality-support/product-security-updatVendor Advisory

FAQ

What is CVE-2023-40353?

CVE-2023-40353 is a vulnerability with a CVSS score of 2.0 (LOW). An issue was discovered in Exynos Mobile Processor 980 and 2100. An integer overflow at a buffer index can prevent the execution of requested services via a crafted application.

How severe is CVE-2023-40353?

CVE-2023-40353 has been rated LOW with a CVSS base score of 2.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-40353?

Check the references section above for vendor advisories and patch information. Affected products include: Samsung Exynos 980 Firmware, Samsung Exynos 980, Samsung Exynos 2100 Firmware, Samsung Exynos 2100.