Samsung Exynos Processors and Modems Vulnerable to Information Disclosure Due to Incorrect State Checking
CVE-2024-29152

7.5HIGH

Key Information:

Vendor: Samsung
Status: Exynos 980 Firmware
Vendor: CVE Published:; 4 June 2024

What is CVE-2024-29152?

A significant vulnerability has been identified in Samsung's Exynos mobile processors, wearable processors, and modems. This issue arises from improper state checks in the baseband software related to the Radio Resource Control (RRC) Reconfiguration message. The flaw has the potential to expose sensitive information, impacting user privacy and security across multiple devices utilizing the Exynos architecture, including both mobile and wearable devices. The vulnerability affects a range of Exynos models, complicating the security landscape for Samsung users.

References

https://semiconductor.samsung.com/support/quality-support...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 4, 2024