VYPR
Unrated severity · NVD Advisory · Published Mar 13, 2023 · Updated Mar 3, 2025

CVE-2023-26072

Description

An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. A heap-based buffer overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding the Emergency number list.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Heap buffer overflow in the Samsung Exynos 5G MM codec when decoding the Emergency number list, exploitable by a malicious network operator or a local attacker.

Vulnerability

A heap-based buffer overflow exists in the 5G Mobility Management (MM) message codec of Samsung Exynos chipsets including Exynos 850, 980, 1080, 1280, 2200, Modem 5123, 5300, and Auto T5123 [1]. The vulnerability occurs due to insufficient parameter validation when decoding the Emergency number list from a NAS message. This issue is one of fourteen less severe vulnerabilities reported by Project Zero [4].
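The parameter validation this class of decoder needs, as an added example that is not Samsung's code and is not taken from the advisory, which does not publish the faulty routine. It assumes the IE value part is a sequence of entries, each with a length octet, a service category octet and BCD digit octets (my reading of 3GPP TS 24.008); the names, the digit cap and the decimal-only digit handling are choices made for this example.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_DIGITS 20  /* assumed cap for this example: 10 BCD octets per number */

typedef struct {
    uint8_t service_category;       /* low 5 bits of the category octet */
    uint8_t ndigits;
    char    digits[MAX_DIGITS + 1];
} emerg_number;

/* Constructed sample value part: "112" (category 0x00) and "911" (category 0x1F). */
static const uint8_t SAMPLE[] = {0x03, 0x00, 0x11, 0xF2, 0x03, 0x1F, 0x19, 0xF1};

/* Decode the IE value part (octets after IEI and IE length) into out[].
 * Every length taken from the message is checked against the bytes that
 * remain and against the destination capacity before any write.
 * Returns the number of entries decoded, or -1 on malformed input. */
int decode_emergency_list(const uint8_t *val, size_t val_len,
                          emerg_number *out, size_t out_cap)
{
    size_t pos = 0, n = 0;
    while (pos < val_len) {
        uint8_t elen = val[pos++];             /* per-entry length octet */
        if (elen < 2 || elen > val_len - pos)  /* must fit inside the IE */
            return -1;
        if (n >= out_cap)                      /* more entries than out[] holds */
            return -1;
        size_t bcd = (size_t)elen - 1;         /* octets after the category */
        if (bcd * 2 > MAX_DIGITS)              /* digits must fit digits[] */
            return -1;
        emerg_number *e = &out[n];
        e->service_category = val[pos] & 0x1F;
        e->ndigits = 0;
        for (size_t i = 0; i < bcd; i++) {
            uint8_t b = val[pos + 1 + i];
            uint8_t lo = b & 0x0F, hi = b >> 4;
            if (lo > 9) return -1;             /* decimal digits only here */
            e->digits[e->ndigits++] = (char)('0' + lo);
            if (hi == 0x0F && i == bcd - 1) break;  /* filler in last octet */
            if (hi > 9) return -1;
            e->digits[e->ndigits++] = (char)('0' + hi);
        }
        e->digits[e->ndigits] = '\0';
        pos += elen;
        n++;
    }
    return (int)n;
}
```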

Exploitation

Exploitation requires either a malicious mobile network operator (MMO) that can inject crafted 5G NAS messages, or an attacker with local access to the device. The attacker crafts a malformed Emergency number list that triggers the heap overflow during decoding. No user interaction is needed when the attacker controls the network; local access may involve a malicious app [4].

Impact

Successful exploitation leads to a heap buffer overflow in the baseband processor, potentially allowing an attacker to corrupt memory and achieve arbitrary code execution at the baseband level. This compromises the confidentiality, integrity, and availability of baseband communications, though the attack surface is limited compared to the more severe internet-to-baseband RCE vulnerabilities [4].

Mitigation

Samsung has released security updates for affected chipsets; contact the device manufacturer for specific patch availability. As of March 2023, Google Pixel devices had received fixes for related vulnerabilities [4]. Defenders should consult the Samsung Product Security Update page [1] for the latest advisory. Users with affected devices are advised to apply updates as soon as possible.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
