CVE-2023-50807

Vulnerability

An out-of-bounds write vulnerability in the heap exists in Samsung's wearable processor and modem chipsets: Exynos 9110, Exynos Modem 5123, and Exynos Modem 5300 [1][2]. The flaw is triggered by processing specially crafted 2G network packets without any authentication, leading to a heap overflow condition [2].

Exploitation

An attacker needs only proximity to a vulnerable device and the ability to transmit malicious 2G baseband frames. No authentication or user interaction is required. By sending crafted 2G signaling messages, the attacker can trigger the out-of-bounds write in the modem's heap [1][2].

Impact

Successful exploitation can lead to arbitrary code execution at the modem privilege level, potentially allowing the attacker to control the device's cellular communication, exfiltrate data, or pivot to the main application processor. The vulnerability is rated High severity [1][2].

Mitigation

Samsung has released security patches for the affected modems. Users should apply firmware updates from their device manufacturer or as provided via Samsung's product security update process [1]. No workarounds are available; disabling 2G on the device may reduce attack surface but may not fully mitigate the vulnerability.