CVE-2023-40218

An issue was discovered in the NPU kernel driver in Samsung Exynos Mobile Processor 9820, 980, 2100, 2200, 1280, and 1380. An integer overflow can bypass detection of error cases via a crafted application.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://semiconductor.samsung.com/support/quality-support/product-security-updates/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:h:samsung:exynos_9820:-:*:*:*:*:*:*:*

cpe:2.3:o:samsung:exynos_9820_firmware:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*

cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:h:samsung:exynos_2100:-:*:*:*:*:*:*:*

cpe:2.3:o:samsung:exynos_2100_firmware:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:h:samsung:exynos_2200:-:*:*:*:*:*:*:*

cpe:2.3:o:samsung:exynos_2200_firmware:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:h:samsung:exynos_1280:-:*:*:*:*:*:*:*

cpe:2.3:o:samsung:exynos_1280_firmware:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:h:samsung:exynos_1380:-:*:*:*:*:*:*:*

cpe:2.3:o:samsung:exynos_1380_firmware:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-09-12 15:15

Updated : 2023-09-14 00:45

NVD link : CVE-2023-40218

Mitre link : CVE-2023-40218

CVE.ORG link : CVE-2023-40218

JSON object : View

Products Affected

samsung

exynos_2100_firmware
exynos_1280
exynos_980
exynos_1380_firmware
exynos_2200
exynos_9820_firmware
exynos_9820
exynos_1380
exynos_2200_firmware
exynos_2100
exynos_1280_firmware
exynos_980_firmware

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2023-40218", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.0, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 0.6}]}, "published": "2023-09-12T15:15:23.767", "references": [{"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the NPU kernel driver in Samsung Exynos Mobile Processor 9820, 980, 2100, 2200, 1280, and 1380. An integer overflow can bypass detection of error cases via a crafted application."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en el controlador del kernel NPU en los procesadores m\u00f3viles Samsung Exynos 9820, 980, 2100, 2200, 1280 y 1380. Un Desbordamiento de Enteros puede evitar la detecci\u00f3n de casos de error a trav\u00e9s de una aplicaci\u00f3n manipulada."}], "lastModified": "2023-09-14T00:45:00.417", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_9820:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1B8C35DE-1C58-4C6E-BB15-0E3C2FECB8DA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:exynos_9820_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E582F31-BCC1-4276-BC34-A38EDCC4BB01"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0D8701B6-6989-44D1-873A-A1823BFD7CCC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F18F62E-2012-442E-BE60-6E76325D1824"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_2100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9385885D-654A-496E-8029-7C6D9B077193"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:exynos_2100_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89B88BFE-3C82-498C-8EC1-5784836DB1A1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_2200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A72ADEBB-ED72-4A5B-BB27-95EDE43F8116"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:exynos_2200_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63C0D9AC-BD23-48C9-83E7-301DEC06E583"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_1280:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DFC68046-2F08-40D1-B158-89D8D9263541"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:exynos_1280_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD1A7B09-9031-4E54-A24F-3237C054166B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_1380:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "61E72146-72FE-4B54-AB79-3C665E7F016C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:exynos_1380_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D381478B-C638-4663-BD71-144BE4B02E46"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}