Integer Overflow Vulnerability in Samsung Exynos Processors
CVE-2023-28613

9.8CRITICAL

Key Information:

Vendor: Samsung
Status: Exynos 1280 Firmware
Vendor: CVE Published:; 4 April 2023

Summary

A vulnerability has been identified in the Samsung Exynos Mobile Processor and Baseband Modem Processor, specifically affecting the Exynos 1280, Exynos 2200, and Exynos Modem 5300 models. This issue arises from an integer overflow during the handling of IPv4 fragments. Insufficient parameter validation when reassembling these fragments can lead to potential exploitation, impacting the overall security and functionality of the affected devices.

References

https://semiconductor.samsung.com/processor/modem/

https://semiconductor.samsung.com/processor/mobile-proces...

https://semiconductor.samsung.com/support/quality-support...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 4, 2023
Vulnerability Reserved
Mar 18, 2023