Null Pointer Validation Vulnerability in Samsung Exynos Processors
CVE-2023-37368

5.9MEDIUM

Key Information:

Vendor: Samsung
Status: Exynos 9810 Firmware
Vendor: CVE Published:; 8 September 2023

What is CVE-2023-37368?

A vulnerability has been identified in the Samsung Exynos Mobile Processor and Automotive Processor series that involves insufficient validation of a NULL pointer in the Shannon MM Task. This flaw could be exploited through malformed NR MM packets, potentially leading to abnormal termination of affected systems. Models impacted include various iterations of Exynos processors and modems, raising important security concerns in affected devices. Users are advised to remain vigilant and consult Samsung’s security updates for remediation steps.

References

https://semiconductor.samsung.com/support/quality-support...

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 8, 2023
Vulnerability Reserved
Jun 30, 2023