CVE-2023-30686
Description
Out-of-bounds Write in ReqDataRaw of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An out-of-bounds write in libsec-ril's ReqDataRaw on Samsung devices lets a local attacker execute arbitrary code.
Vulnerability
An out-of-bounds write vulnerability exists in the ReqDataRaw function of libsec-ril on Samsung mobile devices. This issue affects devices running firmware prior to the SMR Aug-2023 Release 1 [1]. The bug is reachable when a local application sends a crafted request to the libsec-ril library, which handles radio interface layer communications.
Exploitation
An attacker with local access to the device and the ability to issue commands to the RIL (Radio Interface Layer) can trigger a write past the bounds of the allocated buffer. No additional authentication is required beyond the local execution context, and no user interaction is needed beyond running the malicious application.
Impact
Successful exploitation allows the attacker to achieve arbitrary code execution within the context of the libsec-ril process. Since this library operates with elevated system privileges, the attacker can gain significant control over the device's radio subsystem and potentially escalate to full system compromise, leading to information disclosure, data corruption, or denial of service.
Mitigation
Samsung addressed the vulnerability in the SMR Aug-2023 Release 1 security update [1]. Users should update their devices to the latest firmware provided by Samsung. There is no known workaround, and no evidence of exploitation in the wild beyond proof-of-concept demonstrations.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: < SMR Aug-2023 Release 1
- Range: SMR Aug-2023 Release 1
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.