CVE-2015-8546

Name of the Vulnerable Software and Affected Versions: Samsung mobile devices with software through 2015-11-12

Description: An issue was discovered in the baseband process of Samsung mobile devices, affecting the Galaxy S6/S6 Edge, Galaxy S6 Edge+, and Galaxy Note5 with the Shannon333 chipset. There is a stack-based buffer overflow that is exploitable for remote code execution via a fake base station.

Recommendations: For Samsung mobile devices with software through 2015-11-12, update the software to a version released after 2015-11-12 to resolve the issue. As a temporary workaround, consider disabling the baseband process until a patch is available. Restrict access to the vulnerable baseband module to minimize the risk of exploitation. Avoid using the device in areas where a fake base station could be present until the issue is resolved.