Heap-based Buffer Overflow in Samsung Exynos Mobile Chipsets
CVE-2023-26072

9.8CRITICAL

Key Information:

Vendor: Samsung
Status: Exynos 850 Firmware
Vendor: CVE Published:; 13 March 2023

What is CVE-2023-26072?

An identified issue in Samsung Mobile Chipsets entails a heap-based buffer overflow occurring in the 5G MM message codec, attributable to inadequate validation of parameters when decoding the Emergency number list. This vulnerability potentially exposes devices to manipulation and remote exploitation, impacting the overall integrity and security of data transmission in mobile networks.

References

https://semiconductor.samsung.com/processor/modem/

https://semiconductor.samsung.com/processor/mobile-proces...

https://semiconductor.samsung.com/support/quality-support...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 13, 2023
Vulnerability Reserved
Feb 19, 2023