PT-2024-13832 · Samsung · Exynos

Published: 2024-06-05 · Updated: 2024-08-01 · CVE-2023-49927

CVSS v3.1: 5.3 (Medium)

Vector: AC:L/AV:N/A:N/C:L/I:N/PR:N/S:U/UI:N

Name of the Vulnerable Software and Affected Versions

Samsung Mobile Processor, Wearable Processor, and Modem Exynos versions 980 through 2200
Samsung Mobile Processor, Wearable Processor, and Modem Exynos versions 1280 through 1380
Samsung Mobile Processor, Wearable Processor, and Modem Exynos versions 1330
Samsung Mobile Processor, Wearable Processor, and Modem Exynos version 9110
Samsung Mobile Processor, Wearable Processor, and Modem Exynos version 850
Samsung Mobile Processor, Wearable Processor, and Modem Exynos version 1080
Samsung Mobile Processor, Wearable Processor, and Modem Exynos version 2100
Samsung Mobile Processor, Wearable Processor, and Modem Exynos version 2200
Samsung Mobile Processor, Wearable Processor, and Modem Exynos version 1280
Samsung Mobile Processor, Wearable Processor, and Modem Exynos version 1380
Samsung Mobile Processor, Wearable Processor, and Modem Exynos version 1330
Samsung Mobile Processor, Wearable Processor, and Modem Exynos W920
Samsung Mobile Processor, Wearable Processor, and Modem Exynos Modem 5123
Samsung Mobile Processor, Wearable Processor, and Modem Exynos Modem 5300

Description

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem. The baseband software does not properly check format types specified by the RRC. This can lead to a lack of encryption.

Recommendations

Update Samsung Mobile Processor, Wearable Processor, and Modem Exynos to a version that includes the fix for this issue. As a temporary workaround, consider disabling the use of the baseband software until a patch is available. Restrict access to the baseband software to minimize the risk of exploitation. Avoid using the RRC format types in the affected baseband software until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Missing Encryption of Sensitive Data

Related Identifiers: CVE-2023-49927

Affected Products: Exynos