CVE-2024-49197
Medium
Published: 27 May 2025
Published
27 May 2025
Modified
25 June 2025
KEV Added
—
Patch
—
CVSS Score v3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS Score
0.0030
53.3th percentile
Risk Priority
13
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2024-49197 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Samsung Exynos 980 Firmware. Its CVSS base score is 6.5 (Medium).
Operationally, ranked in the top 46.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-16421
Vulnerability details
An issue was discovered in Wi-Fi in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, W920, W930, and W1000. Lack of a boundary check in STOP_KEEP_ALIVE_OFFLOAD leads to out-of-bounds access.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
samsung
exynos 980 firmware
all versions
samsung
exynos 850 firmware
all versions
samsung
exynos 1080 firmware
all versions
samsung
exynos 1280 firmware
all versions
samsung
exynos 1330 firmware
all versions
samsung
exynos 1380 firmware
all versions
samsung
exynos 1480 firmware
all versions
samsung
exynos w920 firmware
all versions
samsung
exynos w930 firmware
all versions
samsung
exynos w1000 firmware
all versions
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.