CVE-2023-41112
Description
A buffer copy without size check in Samsung Exynos RLC task/module leads to a denial-of-service via abnormal termination.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A buffer copy without checking the size of the input exists in the RLC task and RLC module of multiple Samsung Exynos processors and modems. Affected products include Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123 [1]. The issue occurs when the RLC component copies data into a buffer without verifying that the destination buffer is large enough to hold the source data.
Exploitation
An attacker must be able to send crafted network traffic or otherwise supply input that reaches the vulnerable RLC module. The exact prerequisite level of access or network position is not detailed in the available references; however, a remote unauthenticated attacker could potentially trigger the condition by sending a malformed packet to the device [1]. No user interaction is required if the device automatically processes incoming RLC frames.
Impact
Successful exploitation results in abnormal termination of the mobile phone (denial of service). The impact is limited to availability; there is no current evidence of code execution or information disclosure in the published references [1].
Mitigation
Samsung has addressed this vulnerability via a security update. Users are advised to apply the latest firmware updates from their device manufacturer. The exact patched version numbers per chipset are not individually listed in the advisory, but users should consult the Samsung Product Security Updates page [1] for the appropriate patch level. No upstream workaround other than updating is available.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
- Samsung/Processor, Wearable Processor, Automotive Processor, and Modem
Patches (0)
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (1)
News mentions (0)
No linked articles in our index yet.