VYPR
← All advisories
Unrated severityNVD Advisory· Published Apr 14, 2023· Updated Feb 7, 2025

CVE-2023-29088

CVE-2023-29088

Description

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Session-Expires header.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Memory corruption in Samsung Exynos processors due to insufficient parameter validation while decoding an SIP Session-Expires header, affecting multiple Exynos models.

Vulnerability

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Session-Expires header [1].

Exploitation

Not detailed in the available references. An attacker would need to send a crafted SIP Session-Expires header to the affected device to trigger the memory corruption.

Impact

Successful exploitation could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution. The specific impact is not fully disclosed but is considered high severity.

Mitigation

Samsung has released a security update addressing this vulnerability. Affected users should apply the latest firmware updates provided by Samsung. Refer to the Samsung Product Security Update page [1] for details.

References
  1. Product Security Update | Support | Samsung Semiconductor Global

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

2

News mentions

0

No linked articles in our index yet.