Intra-Object Overflow in Samsung Mobile and Baseband Modem Chipsets
CVE-2023-26075

9.8CRITICAL

Key Information:

Vendor: Samsung
Status: Exynos 850 Firmware
Vendor: CVE Published:; 10 March 2023

What is CVE-2023-26075?

A notable vulnerability has been identified in Samsung's Mobile Chipset and Baseband Modem Chipset that affects several models, including Exynos 850 and Exynos 980, among others. This vulnerability can lead to an intra-object overflow due to inadequate parameter validation during the decoding process of the Service Area List within the 5G MM message codec. Such overflow issues can potentially allow attackers to exploit affected systems, creating security risks. Users and organizations utilizing these chipsets should remain vigilant and apply any offered security updates.

References

https://semiconductor.samsung.com/processor/modem/

https://semiconductor.samsung.com/processor/mobile-proces...

https://semiconductor.samsung.com/support/quality-support...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2023
Vulnerability Reserved
Feb 19, 2023