CVE-2023-41111

Vulnerability

An improper handling of a length parameter inconsistency exists in the RLC (Radio Link Control) task and RLC module of several Samsung Exynos processors and modems. The affected products include Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123 [1]. This bug can be triggered when the RLC module processes a malformed or inconsistent length field, leading to an abnormal termination of the mobile phone.

Exploitation

An attacker would need to send a specially crafted message or modify a legitimate message to introduce a length parameter inconsistency in the RLC layer. This may be achieved by an attacker with network access to the victim’s device (e.g., via a malicious base station or over-the-air manipulation) or by a local attacker who can inject malformed RLC frames. The exact preconditions and sequence of steps are not detailed in the available references [1]; however, the issue is reachable from the RLC task without requiring authentication.

Impact

Successful exploitation causes an abnormal termination (crash) of the mobile phone’s radio stack, resulting in a denial of service (DoS). The attacker does not gain code execution or data access based on the provided description [1]. The crash may cause temporary loss of cellular connectivity or require a reboot.

Mitigation

The vendor, Samsung Semiconductor, maintains a product security update page [1], but no specific firmware version or patch release date is mentioned in the available references. Users should check with their device manufacturers for updates that address this issue. As of the publication date (2023-11-08), no known workarounds have been disclosed. The vulnerability is not listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog as of the knowledge cutoff.