Authorization Flaw in Samsung Exynos Processors and Modems
CVE-2024-29153

8.1HIGH

Key Information:

Vendor: Samsung
Status: Exynos 9820 Firmware
Vendor: CVE Published:; 9 July 2024

What is CVE-2024-29153?

A serious flaw has been identified in Samsung's Exynos mobile processors, wearable processors, and modems, impacting several versions including Exynos 9820 through to Exynos Modem 5300. This vulnerability arises from improper authorization handling of LTE NAS messages, presenting a risk of unauthorized network access. This could potentially enable attackers to downgrade devices to less secure network generations, exposing them to significant security threats, including denial-of-service (DDoS) conditions. Users are urged to review the affected products and implement necessary security updates.

References

https://semiconductor.samsung.com/support/quality-support...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2024