CVE-2023-26074

Name of the Vulnerable Software and Affected Versions Samsung Mobile Chipset and Baseband Modem Chipset for Exynos versions 850, 980, 1080, 1280, 2200 Samsung Exynos Modem versions 5123, 5300 Samsung Exynos Auto version T5123 Samsung Exynos W920

Description A heap-based buffer overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding operator-defined access category definitions.

Recommendations For Samsung Mobile Chipset and Baseband Modem Chipset for Exynos versions 850, 980, 1080, 1280, 2200, consider disabling the 5G MM message codec until a patch is available. For Samsung Exynos Modem versions 5123, 5300, restrict access to the 5G MM message codec to minimize the risk of exploitation. For Samsung Exynos Auto version T5123 and Samsung Exynos W920, avoid using the operator-defined access category definitions in the 5G MM message codec until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.