CVE-2024-48883

Name of the Vulnerable Software and Affected Versions: Samsung Mobile Processor, Wearable Processor, and Modem Exynos versions 980 through 9825 Samsung Mobile Processor, Wearable Processor, and Modem Exynos versions 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110 Samsung Mobile Processor, Wearable Processor, and Modem Exynos W920, W930, W1000 Samsung Mobile Processor, Wearable Processor, and Modem Modem 5123, Modem 5300

Description: The issue is related to the incorrect handling of a malformed uplink scheduling message by the UE, resulting in an information leak of the UE. This occurs in the Samsung Mobile Processor, Wearable Processor, and Modem Exynos chipsets.

Recommendations: For Samsung Mobile Processor, Wearable Processor, and Modem Exynos versions 980 through 9825, update to a newer version that contains a fix for this issue. For Samsung Mobile Processor, Wearable Processor, and Modem Exynos versions 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, update to a newer version that contains a fix for this issue. For Samsung Mobile Processor, Wearable Processor, and Modem Exynos W920, W930, W1000, update to a newer version that contains a fix for this issue. For Samsung Mobile Processor, Wearable Processor, and Modem Modem 5123, Modem 5300, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting the handling of uplink scheduling messages to minimize the risk of exploitation.