CVE-2023-24033

EUVD-2023-28097
The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format types specified by the Session Description Protocol (SDP) module, which can lead to a denial of service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
Affected Products (NVD)
VendorProductVersion
samsungexynos_modem_5300_firmware
-
samsungexynos_modem_5123_firmware
-
samsungexynos_980_firmware
-
samsungexynos_1080_firmware
-
samsungexynos_auto_t5123_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/172137/Shannon-Baseband-accept-type-SDP-Attribute-Memory-Corruption.html
https://semiconductor.samsung.com/processor/modem/
https://semiconductor.samsung.com/support/quality-support/product-security-updates/
http://packetstormsecurity.com/files/172137/Shannon-Baseband-accept-type-SDP-Attribute-Memory-Corruption.html
https://semiconductor.samsung.com/processor/modem/
https://semiconductor.samsung.com/support/quality-support/product-security-updates/