CVE-2023-30665
Description
Improper input validation vulnerability in OnOemServiceMode in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds read.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Improper input validation in libsec-ril's OnOemServiceMode allows local attackers to cause an out-of-bounds read on Samsung devices.
Vulnerability
An improper input validation vulnerability exists in the OnOemServiceMode function of libsec-ril on Samsung devices prior to the SMR Jul-2023 Release 1 [1]. This allows a local attacker to trigger an out-of-bounds read by providing crafted input to the function.
Exploitation
To exploit this vulnerability, an attacker must have local access to the device and be able to interact with the RIL (Radio Interface Layer) service. The attacker sends a malformed OEM service mode request that bypasses input validation, causing libsec-ril to read beyond the bounds of an allocated buffer.
Impact
Successful exploitation results in an out-of-bounds read, which could lead to information disclosure of sensitive kernel or process memory. The attacker gains no direct code execution but may obtain data useful for further attacks.
Mitigation
The vulnerability is patched in Samsung's SMR Jul-2023 Release 1 [1]. Users should update their devices to this security maintenance release or later. No workarounds are available for unpatched devices.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: < SMR Jul-2023 Release 1
- Range: SMR Jul-2023 Release 1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.