PT-2025-2753 · Samsung · Exynos

Published 2025-01-13 · Updated 2025-01-31 · CVE-2024-46921

CVSS v3.1: 6.5 Medium
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Samsung Mobile Processor and Modem Exynos versions 980 through 9825; Samsung Mobile Processor and Modem Exynos versions 990 through 2400; Samsung Mobile Processor and Modem Exynos versions 1280 through 1480; Samsung Mobile Processor and Modem Exynos versions 9110, W1000, Modem 5123, Modem 5300, Modem 5400
Description: An issue was discovered in Samsung Mobile Processor and Modem Exynos where the UE does not limit the number of attempts for the RRC Setup procedure in the 5G SA, leading to a denial of service, also known as a battery-drain attack.
Recommendations: For Samsung Mobile Processor and Modem Exynos versions 980 through 9825, consider implementing a limit on the number of attempts for the RRC Setup procedure to prevent denial of service attacks. For Samsung Mobile Processor and Modem Exynos versions 990 through 2400, restrict the RRC Setup procedure to minimize the risk of exploitation. For Samsung Mobile Processor and Modem Exynos versions 1280 through 1480, disable the RRC Setup procedure until a patch is available. For Samsung Mobile Processor and Modem Exynos versions 9110, W1000, and Modem 5123, Modem 5300, Modem 5400, avoid using the affected modems in 5G SA mode until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration: Allocation of Resources Without Limits

Related Identifiers: CVE-2024-46921

Affected Products: Exynos