CVE-2020-28343

HIGH

Samsung Android P(9.0) and Q(10.0) - Out-of-bounds Write in NPU Driver

Title source: llm
STIX 2.1

Description

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 980, 9820, and 9830 chipsets) software. The NPU driver allows attackers to execute arbitrary code because of unintended write and read operations on memory. The Samsung ID is SVE-2020-18610 (November 2020).

References (1)

Core 1
Core References

Scores

CVSS v3 7.8
EPSS 0.0024
EPSS Percentile 15.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (2)
google/android 9.0
google/android 10.0
Published Nov 08, 2020
Tracked Since Feb 18, 2026