PT-2023-19371 · Samsung · Samsung Exynos Modem 5123+4

Published: 2023-03-13 · Updated: 2026-02-09 · CVE-2023-24033

CVSS v3.1: 7.5 (High)

Vector: AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N

Name of the Vulnerable Software and Affected Versions

Samsung Exynos Modem 5123
Samsung Exynos Modem 5300
Samsung Exynos 980
Samsung Exynos 1080
Samsung Exynos Auto T512

Description

The Samsung Exynos Modem chipsets do not properly check format types specified by the Session Description Protocol (SDP) module, which can lead to a denial of service. Researchers from Google Project Zero reported 18 vulnerabilities in Samsung Exynos 5G/LTE/GSM modems, four of which allow code execution at the baseband chip level through internet-based manipulations. It is believed that, after conducting additional research, qualified attackers could prepare a working exploit to remotely gain control over the wireless module knowing only the victim's phone number. The attack can be conducted unnoticed by the user and does not require any action from them.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers

CVE-2023-24033

Affected Products

Samsung Exynos 1080
Samsung Exynos 980
Samsung Exynos Auto T512
Samsung Exynos Modem 5123
Samsung Exynos Modem 5300