CVE-2024-31955

CVSS 3.1 Score 4.9 of 10 (medium)

Details

Published Oct 15, 2024

Summary

CVE-2024-31955 is a vulnerability in Samsung eMMC products utilizing the KLMAG2GE4A and KLM8G1WEMB firmware. An attacker can use Electromagnetic Fault Injection to bypass authentication and write to the Replay Protected Memory Block (RPMB) without access to secret information. The vulnerability is rated medium severity with a CVSS score of 4.9: the impact on data integrity is high, while confidentiality is unaffected. Remediation steps have not been explicitly detailed but are likely to involve firmware updates or patches from Samsung. Organizations using the affected products could face significant risks if an attacker successfully manipulates data within the RPMB, potentially leading to unauthorized access or alterations. For further information and support, refer to Samsung's product security updates page.
