CVE-2023-26076
Description
An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. An intra-object overflow in the 5G SM message codec can occur due to insufficient parameter validation when decoding reserved options.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An intra-object overflow in the 5G SM message codec of several Samsung Exynos chipsets can lead to remote code execution or denial of service.
Vulnerability
An intra-object overflow vulnerability exists in the 5G Session Management (SM) message codec of Samsung Exynos chipsets including Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. The issue occurs due to insufficient parameter validation when decoding reserved options in 5G SM messages, leading to a buffer overflow within the codec object [4]. Affected chipsets are used in many mobile devices and automotive systems.
Exploitation
An attacker can trigger this vulnerability by sending a specially crafted 5G SM message to the modem from the network. For the most severe related vulnerabilities, no user interaction is required and the attacker only needs to know the victim's phone number. However, this specific CVE (CVE-2023-26076) is considered less severe and may require either a malicious mobile network operator or local access to the device [4].
Impact
Successful exploitation could allow an attacker to execute arbitrary code within the modem's baseband processor or cause a denial of service. This could compromise the confidentiality, integrity, and availability of modem communications, potentially leading to remote code execution at the baseband level with system privileges [4].
Mitigation
Samsung Semiconductor has released security updates for affected chipsets. Device manufacturers must integrate these patches into their firmware. For example, Google's Pixel devices received fixes in the March 2023 security update [4]. Users are advised to apply security updates from their device manufacturer as soon as they are available. Until a device is patched, disabling Wi-Fi calling and Voice-over-LTE (VoLTE) can reduce the attack surface [4].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Samsung/Mobile Chipset and Baseband Modem Chipset for Exynos (description)
Patches
No patches discovered yet.
References
- packetstormsecurity.com/files/171400/Shannon-Baseband-NrSmPcoCodec-Intra-Object-Overflow.html (mitre)
- googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html (mitre)
- semiconductor.samsung.com/processor/mobile-processor/ (mitre)
- semiconductor.samsung.com/processor/modem/ (mitre)
- semiconductor.samsung.com/support/quality-support/product-security-updates/ (mitre)