Arbitrary Code Execution Vulnerability in Samsung Bootloader (SVE-2017-10598)

Arbitrary Code Execution Vulnerability in Samsung Bootloader (SVE-2017-10598)

CVE-2017-18020 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and Exynos chipsets, attackers can execute arbitrary code in the bootloader because S Boot omits a size check during a copy of ramfs data to memory. The Samsung ID is SVE-2017-10598.

Learn more about our Cis Benchmark Audit For Mobile Devices.