Headline
CVE-2023-26075: Product Security Update | Support | Samsung Semiconductor Global
An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, Exynos Auto T5123, and Exynos W920. An intra-object overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding the Service Area List.
Product Security Update
- Heap buffer overflow in 5G MM message codec can occur due to insufficient parameter validation when decoding Emergency number list.
CVE ID
CVE-2023-26072
Title
Shannon Baseband: Heap buffer overflow in NrmmMsgCodec
when decoding Emergency number list
Affected Product
Samsung Mobile Chipset and Baseband Modem Chipset
Affected Chipset
Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, Exynos Auto T5123, Exynos W920
Severity
7.6 (High)
Reported Date
15-Dec-22
Patched Version
※ Contact Each Product Manager
* Heap buffer overflow in 5G MM message codec can occur due to insufficient parameter validation when decoding Extended emergency number list.
CVE ID
CVE-2023-26073
Title
Shannon Baseband: Heap buffer overflow in NrmmMsgCodec
when decoding Extended emergency number list
Affected Product
Samsung Mobile Chipset and Baseband Modem Chipset
Affected Chipset
Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, Exynos Auto T5123, Exynos W920
Severity
7.6 (High)
Reported Date
15-Dec-22
Patched Version
※ Contact Each Product Manager
* Heap buffer overflow in 5G MM message codec can occur due to insufficient parameter validation when decoding Operator-defined access category definitions.
CVE ID
CVE-2023-26074
Title
Shannon Baseband: Heap buffer overflow in NrmmMsgCodec
when decoding Operator-defined access category definitions
Affected Product
Samsung Mobile Chipset and Baseband Modem Chipset
Affected Chipset
Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, Exynos Auto T5123, Exynos W920
Severity
7.6 (High)
Reported Date
15-Dec-22
Patched Version
※ Contact Each Product Manager
* Intra-object overflow in 5G MM message codec can occur due to insufficient parameter validation when decoding Service Area List.
CVE ID
CVE-2023-26075
Title
Shannon Baseband: Intra-object overflow in NrmmMsgCodec
when decoding Service Area List
Affected Product
Samsung Mobile Chipset and Baseband Modem Chipset
Affected Chipset
Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, Exynos Auto T5123, Exynos W920
Severity
7.6 (High)
Reported Date
15-Dec-22
Patched Version
※ Contact Each Product Manager
* Intra-object overflow in 5G SM message codec can occur due to insufficient parameter validation when decoding reserved options.
CVE ID
CVE-2023-26076
Title
Shannon Baseband: Intra-object overflow in NrSmPcoCodec
when decoding reserved options
Affected Product
Samsung Mobile Chipset and Baseband Modem Chipset
Affected Chipset
Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, Exynos Auto T5123
Severity
7.6 (High)
Reported Date
20-Dec-22
Patched Version
※ Contact Each Product ManagerRelated news
Hackers can hijack Samsung and Pixel phones by knowing phone number
By Deeba Ahmed In addition to Google Pixel and Samsung devices, Vivo devices were also vulnerable to this attack. This is a post from HackRead.com Read the original post: Hackers can hijack Samsung and Pixel phones by knowing phone number