CVE-2023-50804

Name of the Vulnerable Software and Affected Versions Samsung Mobile Processor and Modem Exynos versions 9820 through 9825 Samsung Mobile Processor and Modem Exynos versions 980 through 990 Samsung Mobile Processor and Modem Exynos versions 850 through 1080 Samsung Mobile Processor and Modem Exynos versions 2100 through 2200 Samsung Mobile Processor and Modem Exynos versions 1280 through 1380 Samsung Mobile Processor and Modem Exynos version 1330 Exynos Modem 5123 Exynos Modem 5300 Auto T5123

Description An issue was discovered in the baseband software of Samsung Mobile Processor and Modem Exynos, where it does not properly check format types specified by the NAS (Non-Access-Stratum) module. This can lead to bypass of authentication.

Recommendations For Exynos 9820 through 9825, update the baseband software to properly check format types specified by the NAS module. For Exynos 980 through 990, update the baseband software to properly check format types specified by the NAS module. For Exynos 850 through 1080, update the baseband software to properly check format types specified by the NAS module. For Exynos 2100 through 2200, update the baseband software to properly check format types specified by the NAS module. For Exynos 1280 through 1380, update the baseband software to properly check format types specified by the NAS module. For Exynos 1330, update the baseband software to properly check format types specified by the NAS module. For Exynos Modem 5123, update the baseband software to properly check format types specified by the NAS module. For Exynos Modem 5300, update the baseband software to properly check format types specified by the NAS module. For Auto T5123, update the baseband software to properly check format types specified by the NAS module. As a temporary workaround, consider restricting access to the NAS module until a patch is available.