Samsung Exynos Processors and Modems Vulnerable to Information Disclosure Due to Incorrect State Checking
CVE-2024-28818
7.5HIGH
Summary
A serious vulnerability has been identified within the Samsung Exynos Mobile Processors and Wearable Processors, particularly affecting multiple generations including Exynos 980, 990, 1080, 2100, 2200, 1280, 1380, 1330, 2400, along with Exynos Modem 5123 and 5300. This issue arises from inadequate verification of states as dictated by the Radio Resource Control (RRC) module within the baseband software. As a consequence, this flaw may allow unauthorized access to sensitive information, posing significant risks to users relying on devices powered by these processors.
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published