CVE-2024-46922
Published: 12 February 2025
Summary
CVE-2024-46922 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Samsung Exynos 1480 Firmware. Its CVSS base score is 7.5 (High).
Operationally, it ranks in the top 26.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-11 (Error Handling).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
SI-2 mandates timely identification, reporting, and remediation of flaws such as the null pointer dereference in the Xclipse Driver, directly preventing DoS exploitation via patches.
SI-11 requires error and exception handling that avoids compromising availability, directly addressing the crash caused by unhandled null dereference in amdgpu_cs_parser_bos.
SI-10 enforces validation of information inputs to the driver parser function, mitigating the absence of null pointer checks that enable remote DoS.
NVD Description
An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The absence of a null check leads to a Denial of Service at amdgpu_cs_parser_bos in the Xclipse Driver.
Deeper analysis [AI]
CVE-2024-46922 is a vulnerability affecting Samsung Mobile Processor Exynos 1480 and 2400 chips, stemming from the absence of a null pointer check in the amdgpu_cs_parser_bos function within the Xclipse Driver. This flaw, classified under CWE-476 (NULL Pointer Dereference), was publicly disclosed on February 12, 2025, and carries a CVSS v3.1 base score of 7.5, indicating high severity primarily due to its potential for disruption.
Remote attackers require no privileges or user interaction to exploit this issue over the network with low attack complexity. Successful exploitation triggers a denial-of-service condition by crashing the affected driver component, resulting in high availability impact without compromising confidentiality or integrity.
Samsung has published details on this vulnerability through its product security updates portal at https://semiconductor.samsung.com/support/quality-support/product-security-updates/, where practitioners can find guidance on applicable patches or mitigations for affected Exynos-based devices.
Details
- CWE(s)