CVE-2023-30689
Description
Out-of-bounds Write in BuildOemEmbmsGetSigStrengthResponse of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Out-of-bounds write in Samsung libsec-ril allows local attacker arbitrary code execution; fixed in SMR Aug-2023 Release 1.
Vulnerability
An out-of-bounds write vulnerability exists in the BuildOemEmbmsGetSigStrengthResponse function of libsec-ril on Samsung devices. The issue affects all versions prior to the SMR Aug-2023 Release 1 [1]. The vulnerability is triggered when processing a crafted input to the RIL component, leading to a heap buffer overflow.
Exploitation
An attacker requires local access to the device, either through a malicious application or by gaining a foothold. No additional privileges are needed, as the vulnerable function is callable from user space. The attacker sends a specially crafted signal strength request that causes an out-of-bounds write within the BuildOemEmbmsGetSigStrengthResponse function.
Impact
Successful exploitation allows the attacker to execute arbitrary code with the privileges of the libsec-ril process, which runs as a system-level service. This can lead to full compromise of the device, including data exfiltration, installation of malware, or denial of service.
Mitigation
The vulnerability is patched in Samsung's Security Maintenance Release (SMR) for August 2023 [1]. Users should ensure their devices have applied the latest security updates from Samsung. No workarounds are available; the only mitigation is to install the update.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- Range: < SMR Aug-2023 Release 1
- Range: SMR Aug-2023 Release 1
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.