Out-of-Bounds Access Vulnerability in Samsung Exynos Mobile and Wearable Processors
CVE-2023-50806

8.4HIGH

Key Information:

Vendor: Samsung
Status: Exynos Modem 5123 Firmware
Vendor: CVE Published:; 9 July 2024

What is CVE-2023-50806?

A vulnerability exists in Samsung's range of Exynos mobile processors and modems, which includes several versions such as Exynos 9820, 9825, 980, 990, and more. This vulnerability enables out-of-bounds access to a heap buffer in the SIM Proactive Command, potentially allowing malicious entities to exploit this weakness. The affected devices may experience unauthorized access to sensitive functionalities, raising significant security concerns for users and manufacturers alike.

References

https://semiconductor.samsung.com/support/quality-support...

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2024