CVE-2024-52924
Published: 06 March 2025
Summary
CVE-2024-52924 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Samsung Exynos 9820 Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). It ranks at the 40.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly addresses the lack of boundary checks during decoding of Registration Accept messages by enforcing validation of information inputs to prevent out-of-bounds stack writes.
Implements memory safeguards such as stack canaries or non-executable stack to protect against exploitation of stack-based buffer overflows from unvalidated message decoding.
Requires identification, reporting, and correction of the specific buffer overflow flaw via Samsung's provided product security updates to eliminate the vulnerability.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The remote stack-based buffer overflow in NRMM message decoding directly enables exploitation resulting in process crashes and denial of service on the affected mobile/modem component.
NVD Description
An issue was discovered in NRMM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Lack of boundary check during the decoding of Registration Accept messages can lead to out-of-bounds writes on the stack.
Deeper analysis
CVE-2024-52924 is a stack-based buffer overflow vulnerability (CWE-121) discovered in the NRMM component of Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The flaw arises from a lack of boundary checks during the decoding of Registration Accept messages, potentially leading to out-of-bounds writes on the stack. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and was published on 2025-03-06.
The vulnerability can be exploited by remote attackers over the network with low attack complexity, requiring neither privileges nor user interaction. Exploitation triggers out-of-bounds stack writes, resulting in a high-impact denial of service, such as process crashes, while confidentiality and integrity remain unaffected.
Samsung provides mitigation details through product security updates published on their semiconductor support page at https://semiconductor.samsung.com/support/quality-support/product-security-updates/.
Details
- CWE(s)