CVE-2023-30694
Description
Out-of-bounds Write in IpcTxPcscTransmitApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Out-of-bounds write in libsec-ril allows local attackers to execute arbitrary code via crafted APDU prior to SMR Aug-2023 Release 1.
Vulnerability
An out-of-bounds write vulnerability exists in the IpcTxPcscTransmitApdu function of libsec-ril in Samsung devices prior to SMR Aug-2023 Release 1 [1]. This allows a local attacker to trigger a buffer overflow by sending a crafted APDU (Application Protocol Data Unit) to the RIL component.
Exploitation
To exploit, the attacker must have local access to the device. They can send a specially crafted APDU to the RIL (Radio Interface Layer) through the IpcTxPcscTransmitApdu function, causing an out-of-bounds write. No additional privileges are required beyond local access.
Impact
Successful exploitation results in arbitrary code execution at the privilege level of the RIL process, which typically runs with high privileges, potentially leading to full compromise of the device.
Mitigation
Samsung addressed this vulnerability in the SMR Aug-2023 Release 1 security update [1]. Users should apply the latest firmware update to mitigate the risk. No workarounds are available.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: < SMR Aug-2023 Release 1
- Range: SMR Aug-2023 Release 1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.