CVE-2023-29086

Vulnerability

A memory corruption vulnerability exists in the SIP Min-SE header parsing code of Samsung Exynos Mobile Processor, Automotive Processor, and Modem firmware. The affected components include Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. The issue is caused by insufficient parameter validation when decoding an SIP Min-SE header, allowing an attacker to trigger a stack buffer overflow or other memory corruption [1][2].

Exploitation

An attacker can exploit this vulnerability by sending a crafted SIP message with a malicious Min-SE header to the target device. No authentication is required, and the attack can be performed remotely over the network (e.g., via a malicious base station or directly to the device's modem interface). The attacker must be able to deliver the SIP packet to the vulnerable modem firmware [2].

Impact

Successful exploitation results in memory corruption within the modem firmware. Depending on the attacker's payload, this can lead to denial of service (modem crash or reboot), or potentially arbitrary code execution with the privileges of the modem firmware. This could allow the attacker to compromise the modem's operation and potentially intercept or manipulate cellular communications [1][2].

Mitigation

Samsung has released security updates to address this vulnerability. Affected users should apply the latest firmware updates provided by Samsung for their devices. The official advisory is available on Samsung's Product Security Update page [1]. No workaround is available; updating to the patched firmware version is the only recommended mitigation.