CVE-2023-30668
Description
Out-of-bounds Write in BuildOemSecureSimLockResponse of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An out-of-bounds write in libsec-ril's BuildOemSecureSimLockResponse allows a local attacker to execute arbitrary code; fixed in Samsung SMR Jul-2023 Release 1.
Vulnerability
An out-of-bounds write vulnerability exists in the BuildOemSecureSimLockResponse function of libsec-ril on Samsung mobile devices. Versions prior to SMR Jul-2023 Release 1 are affected. The vulnerability is in the RIL (Radio Interface Layer) library, which handles SIM lock responses. The function writes beyond the bounds of its allocated buffer when constructing OEM secure SIM lock responses.
Exploitation
A local attacker with low privileges can trigger the out-of-bounds write by sending a crafted input to the RIL daemon. No user interaction is required beyond the attacker having local access to the device. The attacker can exploit this to corrupt memory and achieve arbitrary code execution.
Impact
Successful exploitation allows the attacker to execute arbitrary code in the context of the RIL process, which runs with system privileges. This can lead to full compromise of the device's telephony stack and potentially escalate to kernel-level access.
Mitigation
Fixed in Samsung Mobile Security's SMR (Security Maintenance Release) Jul-2023 Release 1 [1]. Users should update their devices to the latest security patch level. No workarounds are available. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog as of the publication date.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: < SMR Jul-2023 Release 1
- Range: SMR Jul-2023 Release 1
Patches
No patches discovered yet.
References