Lucene search

Samsung MobileCVE-2023-30668

HistoryJul 06, 2023 - 3:15 a.m.

CVE-2023-30668

2023-07-0603:15:11

CWE-787

Samsung Mobile

web.nvd.nist.gov

cve-2023-30668

out-of-bounds write

libsec-ril

arbitrary code execution

nvd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

5.1%

JSON

Out-of-bounds Write in BuildOemSecureSimLockResponse of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.

Affected configurations

Nvd

Node

samsungandroidMatch11.0smr-apr-2021-r1

samsungandroidMatch11.0smr-apr-2022-r1

samsungandroidMatch11.0smr-apr-2023-r1

samsungandroidMatch11.0smr-aug-2021-r1

samsungandroidMatch11.0smr-aug-2022-r1

samsungandroidMatch11.0smr-dec-2020-r1

samsungandroidMatch11.0smr-dec-2021-r1

samsungandroidMatch11.0smr-dec-2022-r1

samsungandroidMatch11.0smr-feb-2021-r1

samsungandroidMatch11.0smr-feb-2022-r1

samsungandroidMatch11.0smr-feb-2023-r1

samsungandroidMatch11.0smr-jan-2021-r1

samsungandroidMatch11.0smr-jan-2022-r1

samsungandroidMatch11.0smr-jan-2023-r1

samsungandroidMatch11.0smr-jul-2021-r1

samsungandroidMatch11.0smr-jul-2022-r1

samsungandroidMatch11.0smr-jun-2021-r1

samsungandroidMatch11.0smr-jun-2022-r1

samsungandroidMatch11.0smr-jun-2023-r1

samsungandroidMatch11.0smr-mar-2021-r1

samsungandroidMatch11.0smr-mar-2022-r1

samsungandroidMatch11.0smr-mar-2023-r1

samsungandroidMatch11.0smr-may-2021-r1

samsungandroidMatch11.0smr-may-2022-r1

samsungandroidMatch11.0smr-may-2023-r1

samsungandroidMatch11.0smr-nov-2022-r1

samsungandroidMatch11.0smr-nov-2023-r1

samsungandroidMatch11.0smr-oct-2021-r1

samsungandroidMatch11.0smr-oct-2023-r1

samsungandroidMatch11.0smr-sep-2021-r1

samsungandroidMatch11.0smr-sep-2022-r1

samsungandroidMatch12.0smr-apr-2022-r1

samsungandroidMatch12.0smr-apr-2023-r1

samsungandroidMatch12.0smr-aug-2022-r1

samsungandroidMatch12.0smr-dec-2021-r1

samsungandroidMatch12.0smr-dec-2022-r1

samsungandroidMatch12.0smr-feb-2022-r1

samsungandroidMatch12.0smr-feb-2023-r1

samsungandroidMatch12.0smr-jan-2022-r1

samsungandroidMatch12.0smr-jan-2023-r1

samsungandroidMatch12.0smr-jul-2022-r1

samsungandroidMatch12.0smr-jun-2022-r1

samsungandroidMatch12.0smr-jun-2023-r1

samsungandroidMatch12.0smr-mar-2022-r1

samsungandroidMatch12.0smr-mar-2023-r1

samsungandroidMatch12.0smr-may-2022-r1

samsungandroidMatch12.0smr-may-2023-r1

samsungandroidMatch12.0smr-nov-2021-r1

samsungandroidMatch12.0smr-nov-2022-r1

samsungandroidMatch12.0smr-oct-2022-r1

samsungandroidMatch12.0smr-sep-2022-r1

samsungandroidMatch13.0smr-apr-2023-r1

samsungandroidMatch13.0smr-dec-2022-r1

samsungandroidMatch13.0smr-feb-2023-r1

samsungandroidMatch13.0smr-jan-2023-r1

samsungandroidMatch13.0smr-jun-2023-r1

samsungandroidMatch13.0smr-mar-2023-r1

samsungandroidMatch13.0smr-may-2023-r1

samsungandroidMatch13.0smr-nov-2022-r1

samsungandroidMatch13.0smr-oct-2022-r1

VendorProductVersionCPE
samsungandroid11.0cpe:2.3:o:samsung:android:11.0:smr-apr-2021-r1:*:*:*:*:*:*
samsungandroid11.0cpe:2.3:o:samsung:android:11.0:smr-apr-2022-r1:*:*:*:*:*:*
samsungandroid11.0cpe:2.3:o:samsung:android:11.0:smr-apr-2023-r1:*:*:*:*:*:*
samsungandroid11.0cpe:2.3:o:samsung:android:11.0:smr-aug-2021-r1:*:*:*:*:*:*
samsungandroid11.0cpe:2.3:o:samsung:android:11.0:smr-aug-2022-r1:*:*:*:*:*:*
samsungandroid11.0cpe:2.3:o:samsung:android:11.0:smr-dec-2020-r1:*:*:*:*:*:*
samsungandroid11.0cpe:2.3:o:samsung:android:11.0:smr-dec-2021-r1:*:*:*:*:*:*
samsungandroid11.0cpe:2.3:o:samsung:android:11.0:smr-dec-2022-r1:*:*:*:*:*:*
samsungandroid11.0cpe:2.3:o:samsung:android:11.0:smr-feb-2021-r1:*:*:*:*:*:*
samsungandroid11.0cpe:2.3:o:samsung:android:11.0:smr-feb-2022-r1:*:*:*:*:*:*

Vendor	Product	Version	CPE
samsung	android	11.0	cpe:2.3:o:samsung:android:11.0:smr-apr-2021-r1::::::
samsung	android	11.0	cpe:2.3:o:samsung:android:11.0:smr-apr-2022-r1::::::
samsung	android	11.0	cpe:2.3:o:samsung:android:11.0:smr-apr-2023-r1::::::
samsung	android	11.0	cpe:2.3:o:samsung:android:11.0:smr-aug-2021-r1::::::
samsung	android	11.0	cpe:2.3:o:samsung:android:11.0:smr-aug-2022-r1::::::
samsung	android	11.0	cpe:2.3:o:samsung:android:11.0:smr-dec-2020-r1::::::
samsung	android	11.0	cpe:2.3:o:samsung:android:11.0:smr-dec-2021-r1::::::
samsung	android	11.0	cpe:2.3:o:samsung:android:11.0:smr-dec-2022-r1::::::
samsung	android	11.0	cpe:2.3:o:samsung:android:11.0:smr-feb-2021-r1::::::
samsung	android	11.0	cpe:2.3:o:samsung:android:11.0:smr-feb-2022-r1::::::

Rows per page:

1-10 of 601

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Samsung Mobile Devices",
    "versions": [
      {
        "status": "unaffected",
        "version": "SMR Jul-2023 Release 1"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

security.samsungmobile.com/securityUpdate.smsb?year=2023&month=07

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-30668