VYPR
← All advisories
Unrated severityNVD Advisory· Published Apr 14, 2023· Updated Feb 7, 2025

CVE-2023-29085

CVE-2023-29085

Description

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP status line.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Memory corruption in Samsung Exynos baseband due to insufficient validation of SIP status line parameters, affecting multiple modem and processor models.

Vulnerability

Insufficient parameter validation in the SIP status line decoding routine of Samsung Exynos baseband firmware leads to memory corruption. Affected products include Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123 [1]. The vulnerability resides in the baseband processor's handling of SIP signaling messages.

Exploitation

An attacker can exploit this vulnerability by sending a specially crafted SIP status line to the target device's baseband over the cellular network. No authentication is required, and the attack can be performed remotely without user interaction. The insufficient validation allows the attacker to corrupt memory in the baseband firmware.

Impact

Successful exploitation results in memory corruption, which could lead to denial of service or potentially arbitrary code execution within the baseband processor. This could allow the attacker to compromise the device's cellular communication capabilities or gain elevated privileges.

Mitigation

Samsung has not publicly disclosed a specific patch or fixed version for this vulnerability in the available references. Users should apply any firmware updates provided by Samsung for their devices. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog as of the publication date.

References
  1. Product Security Update | Support | Samsung Semiconductor Global

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Samsung/Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, Exynos Auto T5123description
  • Samsung Mobile/Exynosllm-fuzzy

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

2

News mentions

0

No linked articles in our index yet.