Lucene search

MitreCVE-2023-24033

HistoryMar 13, 2023 - 12:15 p.m.

CVE-2023-24033

2023-03-1312:15:11

mitre

web.nvd.nist.gov

114

samsung

exynos

modem

5123

5300

980

1080

auto

t512

sdp

format type

vulnerability

denial of service

cve-2023-24033

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.003

Percentile

69.4%

JSON

The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format types specified by the Session Description Protocol (SDP) module, which can lead to a denial of service.

Affected configurations

Nvd

Node

samsungexynos_modem_5300Match-

AND

samsungexynos_modem_5300_firmwareMatch-

Node

samsungexynos_modem_5123Match-

AND

samsungexynos_modem_5123_firmwareMatch-

Node

samsungexynos_980Match-

AND

samsungexynos_980_firmwareMatch-

Node

samsungexynos_1080Match-

AND

samsungexynos_1080_firmwareMatch-

Node

samsungexynos_auto_t5123Match-

AND

samsungexynos_auto_t5123_firmwareMatch-

VendorProductVersionCPE
samsungexynos_modem_5300-cpe:2.3:h:samsung:exynos_modem_5300:-:*:*:*:*:*:*:*
samsungexynos_modem_5300_firmware-cpe:2.3:o:samsung:exynos_modem_5300_firmware:-:*:*:*:*:*:*:*
samsungexynos_modem_5123-cpe:2.3:h:samsung:exynos_modem_5123:-:*:*:*:*:*:*:*
samsungexynos_modem_5123_firmware-cpe:2.3:o:samsung:exynos_modem_5123_firmware:-:*:*:*:*:*:*:*
samsungexynos_980-cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*
samsungexynos_980_firmware-cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*
samsungexynos_1080-cpe:2.3:h:samsung:exynos_1080:-:*:*:*:*:*:*:*
samsungexynos_1080_firmware-cpe:2.3:o:samsung:exynos_1080_firmware:-:*:*:*:*:*:*:*
samsungexynos_auto_t5123-cpe:2.3:h:samsung:exynos_auto_t5123:-:*:*:*:*:*:*:*
samsungexynos_auto_t5123_firmware-cpe:2.3:o:samsung:exynos_auto_t5123_firmware:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
samsung	exynos_modem_5300	-	cpe:2.3:h:samsung:exynos_modem_5300:-:::::::*
samsung	exynos_modem_5300_firmware	-	cpe:2.3:o:samsung:exynos_modem_5300_firmware:-:::::::*
samsung	exynos_modem_5123	-	cpe:2.3:h:samsung:exynos_modem_5123:-:::::::*
samsung	exynos_modem_5123_firmware	-	cpe:2.3:o:samsung:exynos_modem_5123_firmware:-:::::::*
samsung	exynos_980	-	cpe:2.3:h:samsung:exynos_980:-:::::::*
samsung	exynos_980_firmware	-	cpe:2.3:o:samsung:exynos_980_firmware:-:::::::*
samsung	exynos_1080	-	cpe:2.3:h:samsung:exynos_1080:-:::::::*
samsung	exynos_1080_firmware	-	cpe:2.3:o:samsung:exynos_1080_firmware:-:::::::*
samsung	exynos_auto_t5123	-	cpe:2.3:h:samsung:exynos_auto_t5123:-:::::::*
samsung	exynos_auto_t5123_firmware	-	cpe:2.3:o:samsung:exynos_auto_t5123_firmware:-:::::::*

References

packetstormsecurity.com/files/172137/Shannon-Baseband-accept-type-SDP-Attribute-Memory-Corruption.html

semiconductor.samsung.com/processor/modem/

semiconductor.samsung.com/support/quality-support/product-security-updates/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.003

Percentile

69.4%

JSON

Related for CVE-2023-24033