PT-2024-28712 · Samsung · Samsung Exynos Modem+2

Published: 2024-12-02 · Updated: 2025-07-01 · CVE-2024-39890

CVSS v3.1: 8.1 (High)

Vector: AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N

Name of the Vulnerable Software and Affected Versions

Samsung Exynos versions 980 through 9825
Samsung Exynos versions 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110
Samsung Exynos Modem versions 5123, 5300
Samsung Exynos Wearable Processor versions W920, W930, W1000

Description

An issue was discovered in the baseband software of Samsung Mobile Processor, Wearable Processor, and Modem Exynos. The software does not properly check the length specified by the CC (Call Control), which can lead to an Out-of-Bounds write.

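The kind of length validation the description says is missing, shown as an added example (not Samsung's baseband code, which this page does not show): a parser for one IEI/length/value element that checks the untrusted length octet against both the bytes received and the destination buffer. The type and function names, the 16-byte buffer size and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IE_VALUE_MAX 16            /* assumed size of the destination buffer */

typedef struct {
    uint8_t iei;                   /* information element identifier */
    uint8_t len;                   /* valid bytes in value[] */
    uint8_t value[IE_VALUE_MAX];
} cc_ie_t;                         /* hypothetical type, for illustration */

typedef enum { IE_OK = 0, IE_TRUNCATED = -1, IE_TOO_LONG = -2 } ie_status_t;

/* Constructed sample elements (not captured traffic). */
static const uint8_t SAMPLE_VALID[]     = { 0x04, 0x03, 0xA0, 0xB1, 0xC2 };
static const uint8_t SAMPLE_TRUNCATED[] = { 0x04, 0x05, 0xA0, 0xB1 };
static const uint8_t SAMPLE_OVERSIZED[] = { 0x04, 0x14,   /* claims 20 bytes */
    0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 };

/* Parse one IEI/length/value element at msg[*off]; advance *off on success. */
ie_status_t cc_parse_ie(const uint8_t *msg, size_t msg_len, size_t *off, cc_ie_t *out)
{
    if (*off > msg_len || msg_len - *off < 2)
        return IE_TRUNCATED;       /* no room for IEI + length octets */

    uint8_t claimed  = msg[*off + 1];        /* untrusted length field */
    size_t remaining = msg_len - *off - 2;

    if (claimed > remaining)
        return IE_TRUNCATED;       /* length runs past the received bytes */
    if (claimed > sizeof out->value)
        return IE_TOO_LONG;        /* copy would write past out->value */

    out->iei = msg[*off];
    out->len = claimed;
    memcpy(out->value, msg + *off + 2, claimed);
    *off += 2u + claimed;
    return IE_OK;
}

/* Convenience wrapper: parse the first element of a buffer. */
ie_status_t cc_parse_first(const uint8_t *msg, size_t msg_len, cc_ie_t *out)
{
    size_t off = 0;
    return cc_parse_ie(msg, msg_len, &off, out);
}
```
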
Recommendations

For Samsung Exynos versions 980 through 9825, update the baseband software to a version that properly checks the length specified by the CC.
For Samsung Exynos versions 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, restrict access to the baseband software until a patch is available.
For Samsung Exynos Modem versions 5123, 5300, consider disabling the modem functionality until a fix is provided.
For Samsung Exynos Wearable Processor versions W920, W930, W1000, avoid using the affected processor until the issue is resolved.
As a temporary workaround, consider disabling the checkLength() function in the baseband software until a patch is available.

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2024-39890

Affected Products

Samsung Exynos
Samsung Exynos Modem
Samsung Exynos Wearable Processor