Lucene search

[email protected]CVE-2023-26073

HistoryMar 13, 2023 - 2:15 p.m.

CVE-2023-26073

2023-03-1314:15:12

CWE-787

[email protected]

web.nvd.nist.gov

cve-2023-26073

samsung

mobile chipset

baseband

modem

exynos

buffer overflow

mm message codec

parameter validation

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.7%

JSON

An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. A heap-based buffer overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding the extended emergency number list.

Affected configurations

NVD

Node

samsungexynos_850_firmwareMatch-

AND

samsungexynos_850Match-

Node

samsungexynos_980_firmwareMatch-

AND

samsungexynos_980Match-

Node

samsungexynos_1080_firmwareMatch-

AND

samsungexynos_1080Match-

Node

samsungexynos_1280_firmwareMatch-

AND

samsungexynos_1280Match-

Node

samsungexynos_2200_firmwareMatch-

AND

samsungexynos_2200Match-

Node

samsungexynos_modem_5123_firmwareMatch-

AND

samsungexynos_modem_5123Match-

Node

samsungexynos_modem_5300_firmwareMatch-

AND

samsungexynos_modem_5300Match-

Node

samsungexynos_auto_t5123_firmwareMatch-

AND

samsungexynos_auto_t5123Match-

Node

samsungexynos_w920_firmwareMatch-

AND

samsungexynos_w920Match-

CPENameOperatorVersion
samsung:exynos_850_firmwaresamsung exynos 850 firmwareeq-

CPE	Name	Operator	Version
samsung:exynos_850_firmware	samsung exynos 850 firmware	eq	-

References

packetstormsecurity.com/files/171380/Shannon-Baseband-NrmmMsgCodec-Extended-Emergency-Number-List-Heap-Buffer-Overflow.html

bugs.chromium.org/p/project-zero/issues/detail?id=2396

googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html

semiconductor.samsung.com/processor/mobile-processor/

semiconductor.samsung.com/processor/modem/

semiconductor.samsung.com/support/quality-support/product-security-updates/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.7%

JSON

Related for CVE-2023-26073

nvd1 prion1 cvelist1 googleprojectzero1