CVE-2024-49406

MEDIUM

Blockchain Keystore <1.3.16 - Privilege Escalation

Title source: llm

Description

Improper validation of integrity check value in Blockchain Keystore prior to version 1.3.16 allows local attackers to modify transaction. Root privilege is required for triggering this vulnerability.

References (1)

[Vendor Advisory] https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=11

Scores

CVSS v3 6.7

EPSS 0.0004

EPSS Percentile 11.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-354

Status published

Products (1)

samsung/blockchain_keystore < 1.3.16

Published Nov 06, 2024

Tracked Since Feb 18, 2026