CVE-2020-28343

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 980, 9820, and 9830 chipsets) software. The NPU driver allows attackers to execute arbitrary code because of unintended write and read operations on memory. The Samsung ID is SVE-2020-18610 (November 2020).

CVSS v3 7.8 HIGH
CVSS v2.0 4.6 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://security.samsungmobile.com/securityUpdate.smsb	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:google:android:9.0:::::::*
	cpe:2.3:o:google:android:10.0:::::::*

OR	cpe:2.3:h:samsung:exynos_980:-:::::::*
	cpe:2.3:h:samsung:exynos_9820:-:::::::*
	cpe:2.3:h:samsung:exynos_9830:-:::::::*

History

No history.

Information

Published : 2020-11-08 05:15

Updated : 2020-11-10 19:43

NVD link : CVE-2020-28343

Mitre link : CVE-2020-28343

CVE.ORG link : CVE-2020-28343

JSON object : View

Products Affected

samsung

exynos_9830
exynos_980
exynos_9820

google

android

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2020-28343", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-11-08T05:15:11.783", "references": [{"url": "https://security.samsungmobile.com/securityUpdate.smsb", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 980, 9820, and 9830 chipsets) software. The NPU driver allows attackers to execute arbitrary code because of unintended write and read operations on memory. The Samsung ID is SVE-2020-18610 (November 2020)."}, {"lang": "es", "value": "Se detect\u00f3 un problema en los dispositivos m\u00f3viles Samsung con versiones de software P(9.0) y Q(10.0) (chipsets Exynos 980, 9820, y 9830). El controlador de NPU permite a atacantes ejecutar c\u00f3digo arbitrario debido a operaciones de lectura y escritura involuntarias en memoria. El ID de Samsung es SVE-2020-18610 (Noviembre de 2020)"}], "lastModified": "2020-11-10T19:43:07.560", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DFAAD08-36DA-4C95-8200-C29FE5B6B854"}, {"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0D8701B6-6989-44D1-873A-A1823BFD7CCC"}, {"criteria": "cpe:2.3:h:samsung:exynos_9820:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1B8C35DE-1C58-4C6E-BB15-0E3C2FECB8DA"}, {"criteria": "cpe:2.3:h:samsung:exynos_9830:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CC599902-095F-411E-B112-1BA9A643C6C9"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}