Cyber Resilience

CVE-2024-39343

High

Published: 02 December 2024

Published
02 December 2024
Modified
01 July 2025
KEV Added
Patch
CVSS Score v3.1 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
EPSS Score 0.0108 78.2th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-39343 is a high-severity Improper Validation of Specified Quantity in Input (CWE-1284) vulnerability in Samsung Exynos 2100 Firmware. Its CVSS base score is 7.0 (High).

Operationally, ranked in the top 21.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, Modem 5123, and Modem 5300. The baseband software does not properly check the length specified by the MM (Mobility Management)…

more

module, which can lead to Denial of Service.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

samsung
exynos 2100 firmware
all versions
samsung
exynos 1280 firmware
all versions
samsung
exynos 1330 firmware
all versions
samsung
exynos 1380 firmware
all versions
samsung
exynos 1480 firmware
all versions
samsung
exynos 2400 firmware
all versions
samsung
exynos 9110 firmware
all versions
samsung
exynos modem 5123 firmware
all versions
samsung
exynos modem 5300 firmware
all versions

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References