Cyber Posture

CVE-2024-46923

High

Published: 12 February 2025

Modified: 20 June 2025
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0050 (65.9th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-46923 is a high-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Samsung Exynos 2200 Firmware. Its CVSS base score is 7.5 (High).

Operationally, it ranks in the top 34.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Directly remediates the missing null check in the Xclipse Driver's amdgpu_cs_ib_fill function through timely application of Samsung's product security patches.

prevent, detect

Provides comprehensive protection against the network-exploitable DoS vulnerability by validating resource requests and limiting consumption in the affected GPU driver.

prevent

Mandates input validation, including null checks, for driver functions like amdgpu_cs_ib_fill to prevent uncontrolled resource consumption leading to DoS.

NVD Description

An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. The absence of a null check leads to a Denial of Service at amdgpu_cs_ib_fill in the Xclipse Driver.

Deeper analysis [AI]

CVE-2024-46923 is a vulnerability affecting the Xclipse Driver in Samsung Mobile Processors Exynos 2200, 1480, and 2400. The issue stems from the absence of a null check in the amdgpu_cs_ib_fill function, which can trigger a Denial of Service condition. It has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is associated with CWE-400 (Uncontrolled Resource Consumption).

The vulnerability is exploitable remotely over the network by unauthenticated attackers with low attack complexity and no user interaction required. Successful exploitation results in a high-impact denial of service, disrupting system availability without compromising confidentiality or integrity.

Samsung's product security updates, available at https://semiconductor.samsung.com/support/quality-support/product-security-updates/, provide details on patches and mitigation measures for affected Exynos processors.

Details

CWE(s)

Affected Products

samsung, exynos 2200 firmware, all versions
samsung, exynos 1480 firmware, all versions
samsung, exynos 2400 firmware, all versions

CVEs Like This One

CVE-2024-46922 (Same product: Samsung Exynos 1480)
CVE-2025-58349 (Same product: Samsung Exynos 1480)
CVE-2025-54324 (Same product: Samsung Exynos 1480)
CVE-2025-59440 (Same product: Samsung Exynos 1480)
CVE-2025-62814 (Same product: Samsung Exynos 1480)
CVE-2025-43706 (Same product: Samsung Exynos 2400)
CVE-2025-59439 (Same vendor: Samsung)
CVE-2025-62817 (Same product: Samsung Exynos 1480)
CVE-2025-53966 (Same product: Samsung Exynos 1480)
CVE-2025-49495 (Same product: Samsung Exynos 1480)
