Heap-based Buffer Overflow Vulnerability in Samsung Mobile Chipset Products
CVE-2023-26074

9.8CRITICAL

Key Information:

Vendor: Samsung
Status: Exynos 850 Firmware
Vendor: CVE Published:; 13 March 2023

Summary

A heap-based buffer overflow vulnerability has been identified in Samsung's Mobile Chipset, specifically within the 5G MM message codec. This issue arises due to inadequate parameter validation when decoding operator-defined access category definitions across several Exynos chipsets, including the Exynos 850, 980, 1080, 1280, 2200, and their corresponding modem chipsets. Exploitation of this flaw could potentially allow unauthorized access or remote code execution, posing significant risks to device security.

References

https://semiconductor.samsung.com/processor/modem/

https://semiconductor.samsung.com/processor/mobile-proces...

https://semiconductor.samsung.com/support/quality-support...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 13, 2023
Vulnerability Reserved
Feb 19, 2023