Unrated severityNVD Advisory· Published Apr 14, 2023· Updated Feb 7, 2025

CVE-2023-29087

Description

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Retry-After header.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Memory corruption in Samsung Exynos baseband due to insufficient validation of SIP Retry-After header, leading to potential remote code execution.

Vulnerability

The vulnerability is a memory corruption issue in the baseband firmware of Samsung Exynos processors. It occurs due to insufficient parameter validation when decoding an SIP Retry-After header. Affected products include Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123 [1].

Exploitation

An attacker can exploit this vulnerability by sending a specially crafted SIP message containing a malicious Retry-After header to the target device. No authentication is required, as the baseband processes incoming SIP messages. The vulnerability can be triggered remotely over the network.

Impact

Successful exploitation leads to memory corruption, which could allow an attacker to execute arbitrary code on the baseband processor. This could result in full compromise of the device's communication capabilities, including potential for remote code execution with baseband privileges.

Mitigation

Samsung has not publicly disclosed a specific patch or workaround for this vulnerability in the available references [1]. Users are advised to monitor Samsung's product security updates for future fixes. If a patch becomes available, it should be applied promptly.

References

Product Security Update | Support | Samsung Semiconductor Global

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Samsung Mobile/Exynos Modem 5123 Firmwarecpe-rescue
Samsung Mobile/Exynos Modem 5123llm-fuzzy
Samsung Mobile/Mobile Processor Exynosllm-fuzzy

Patches

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000