VYPR
Unrated severity · NVD Advisory · Published Aug 10, 2023 · Updated Oct 10, 2024

CVE-2023-30688

Description

Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Out-of-bounds write in MakeUiccAuthForOem of libsec-ril allows local code execution, fixed in Samsung's August 2023 security update.

Vulnerability

An out-of-bounds write vulnerability exists in the MakeUiccAuthForOem function of the libsec-ril library on Samsung mobile devices. This flaw affects devices prior to the SMR Aug-2023 Release 1 security patch. The vulnerable function is part of the RIL (Radio Interface Layer) code and is exposed to local applications, making it possible for an attacker to trigger an out-of-bounds write on the heap or stack.

Exploitation

To exploit this vulnerability, an attacker requires local access to the device, such as through a malicious application installed on the device. No elevated permissions or user interaction beyond installing the app are needed to reach the vulnerable code path. The attacker can craft a malicious input to MakeUiccAuthForOem that causes a write beyond the allocated buffer, corrupting adjacent memory.

Impact

Successful exploitation allows a local attacker to execute arbitrary code in the context of the libsec-ril process, which runs with system-level privileges. This can lead to complete compromise of the device's communications subsystem, potentially enabling data exfiltration, modification of system settings, or further privilege escalation.

Mitigation

The fix is included in Samsung's Security Maintenance Release (SMR) for August 2023 [1]. Users should update their devices to the latest security patch level. As of the publication date, no workaround is available; the only mitigation is to apply the security update. There is no indication this CVE is listed in CISA's Known Exploited Vulnerabilities catalog.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

1
