CVE-2023-30670
Description
Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Out-of-bounds write in libsec-ril's BuildIpcFactoryDeviceTestEvent allows local arbitrary code execution; fixed in Samsung SMR Jul-2023 Release 1.
Vulnerability
An out-of-bounds write vulnerability exists in the BuildIpcFactoryDeviceTestEvent function of the libsec-ril library on Samsung devices. This flaw affects versions prior to the Samsung Mobile Security (SMR) Jul-2023 Release 1 [1]. The vulnerability is triggered when processing a specially crafted input, leading to a write beyond the allocated buffer.
Exploitation
A local attacker can exploit this vulnerability by sending a malicious input to the vulnerable function. No authentication is required beyond local access to the device. The attacker must be able to interact with the RIL (Radio Interface Layer) component, which is accessible to local processes [1].
Impact
Successful exploitation allows the attacker to execute arbitrary code in the context of the libsec-ril process, which runs with elevated privileges. This can lead to full compromise of the device, including unauthorized access to sensitive data and system control [1].
Mitigation
Samsung addressed this vulnerability in the SMR Jul-2023 Release 1 security update [1]. Users are advised to install the latest firmware update to remediate the issue. No workarounds are available.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: < SMR Jul-2023 Release 1
- Range: SMR Jul-2023 Release 1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.