CVE-2023-26497

Vulnerability

Memory corruption occurs in the Samsung Baseband Modem Chipset when processing Session Description Negotiation for Video Configuration Attribute. The issue affects Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5125 [1]. The vulnerability resides in the modem firmware's handling of video configuration during session negotiation, which can be triggered without authentication over the air.

Exploitation

An attacker with network access to the victim's device, such as a malicious base station or a rogue LTE/5G network, can send specially crafted Session Description Protocol (SDP) messages containing a malformed Video Configuration Attribute. No user interaction or authentication is required; the attack can be carried out remotely over the cellular radio interface.

Impact

Successful exploitation leads to memory corruption within the baseband processor, which could be used to execute arbitrary code at the modem privilege level (trustzone or baseband RTOS). This could allow the attacker to intercept or manipulate cellular communications, exfiltrate data, or potentially escalate to compromise the application processor.

Mitigation

Samsung has released security updates through its Product Security Update process [1]. Affected users should apply the latest firmware patches provided by their device manufacturer or carrier. No workaround exists other than updating to the patched version. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog as of publication.