Authorization Flaw in Samsung Exynos Processors and Modems
CVE-2024-29153

8.1 HIGH

Key Information:

Vendor: Samsung
CVE Published: 9 July 2024

What is CVE-2024-29153?

A serious flaw has been identified in Samsung's Exynos mobile processors, wearable processors, and modems, affecting several versions including Exynos 9820 through to Exynos Modem 5300. The vulnerability arises from improper authorization handling of LTE NAS messages, which creates a risk of unauthorized network access. An attacker could potentially downgrade a device to a less secure network generation, exposing it to significant security threats, including denial-of-service (DoS) conditions. Users are urged to review the affected products and apply the necessary security updates.

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published