CVE-2023-42537

high-risk

Published 2023-11-07

An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.

Do I need to act?

-

0.07% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

8

CVSS 8.4/10 High

LOCAL / LOW complexity

Affected Products (20)

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Affected Vendors

Samsung

References (2)

Vendor Advisory https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=11

Vendor Advisory https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=11

54

/ 100

high-risk

Severity 26/34 · High

Exploitability 0/34 · Minimal

Exposure 28/34 · Critical