CVE-2023-24033
published 2023-03-13CVE-2023-24033: The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format types…
PriorityP359critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
34.30%
98.2th percentile
The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format types specified by the Session Description Protocol (SDP) module, which can lead to a denial of service.
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5pgr-37hm-gqpw: The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format t
ghsa_unreviewed·2023-03-13
CVE-2023-24033 [CRITICAL] CWE-20 GHSA-5pgr-37hm-gqpw: The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format t
The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format types specified by the Session Description Protocol (SDP) module, which can lead to a denial of service.
Project0
Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems - Project Zero
project_zero·2023-03-01·CVSS 7.5
CVE-2023-24033 [HIGH] Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems - Project Zero
Posted by Tim Willis, Project Zero
In late 2022 and early 2023, Project Zero reported eighteen 0-day vulnerabilities in Exynos Modems produced by Samsung Semiconductor. The four most severe of these eighteen vulnerabilities (CVE-2023-24033, CVE-2023-26496, CVE-2023-26497 and CVE-2023-26498) allowed for Internet-to-baseband remote code execution. Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim's phone number. With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely.
The fourteen
OSV
CVE-2023-24033: In TBD of TBD, there is a possible out of bounds write due to a heap buffer overflow
osv·2023-03-01
CVE-2023-24033 CVE-2023-24033: In TBD of TBD, there is a possible out of bounds write due to a heap buffer overflow
In TBD of TBD, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
No detection rules found.
No public exploits indexed.
http://packetstormsecurity.com/files/172137/Shannon-Baseband-accept-type-SDP-Attribute-Memory-Corruption.htmlhttps://semiconductor.samsung.com/processor/modem/https://semiconductor.samsung.com/support/quality-support/product-security-updates/http://packetstormsecurity.com/files/172137/Shannon-Baseband-accept-type-SDP-Attribute-Memory-Corruption.htmlhttps://semiconductor.samsung.com/processor/modem/https://semiconductor.samsung.com/support/quality-support/product-security-updates/
2023-03-13
Published