Skip to content

Product Security Update

Product Security Update

    • Heap buffer overflow in 5G MM message codec can occur due to insufficient parameter validation when decoding Emergency number list.

      CVE ID CVE-2023-26072
      Title
      Shannon Baseband: Heap buffer overflow in NrmmMsgCodec
      when decoding Emergency number list
      Affected Product Samsung Mobile Chipset and Baseband Modem Chipset
      Affected Chipset
      Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200,
      Exynos Modem 5123, Exynos Modem 5300, Exynos Auto T5123
      Severity 7.6 (High)
      Reported Date 15-Dec-22
      Patched Version ※ Not affect all vendors' product, please contact your vendor.
    • Heap buffer overflow in 5G MM message codec can occur due to insufficient parameter validation when decoding Extended emergency number list.

      CVE ID CVE-2023-26073
      Title
      Shannon Baseband: Heap buffer overflow in NrmmMsgCodec
      when decoding Extended emergency number list
      Affected Product Samsung Mobile Chipset and Baseband Modem Chipset
      Affected Chipset
      Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200,
      Exynos Modem 5123, Exynos Modem 5300, Exynos Auto T5123
      Severity 7.6 (High)
      Reported Date 15-Dec-22
      Patched Version ※ Not affect all vendors' product, please contact your vendor.
    • Heap buffer overflow in 5G MM message codec can occur due to insufficient parameter validation when decoding Operator-defined access category definitions.

      CVE ID CVE-2023-26074
      Title
      Shannon Baseband: Heap buffer overflow in NrmmMsgCodec
      when decoding Operator-defined access category definitions
      Affected Product Samsung Mobile Chipset and Baseband Modem Chipset
      Affected Chipset
      Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200,
      Exynos Modem 5123, Exynos Modem 5300, Exynos Auto T5123
      Severity 7.6 (High)
      Reported Date 15-Dec-22
      Patched Version ※ Not affect all vendors' product, please contact your vendor.
    • Intra-object overflow in 5G MM message codec can occur due to insufficient parameter validation when decoding Service Area List.

      CVE ID CVE-2023-26075
      Title
      Shannon Baseband: Intra-object overflow in NrmmMsgCodec
      when decoding Service Area List
      Affected Product Samsung Mobile Chipset and Baseband Modem Chipset
      Affected Chipset
      Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200,
      Exynos Modem 5123, Exynos Modem 5300, Exynos Auto T5123
      Severity 7.6 (High)
      Reported Date 15-Dec-22
      Patched Version ※ Not affect all vendors' product, please contact your vendor.
    • Intra-object overflow in 5G SM message codec can occur due to insufficient parameter validation when decoding reserved options.

      CVE ID CVE-2023-26076
      Title
      Shannon Baseband: Intra-object overflow in NrSmPcoCodec
      when decoding reserved options
      Affected Product Samsung Mobile Chipset and Baseband Modem Chipset
      Affected Chipset
      Exynos 1280, Exynos 2200, Exynos Modem 5123,
      Exynos Modem 5300, Exynos Auto T5123
      Severity 7.6 (High)
      Reported Date 20-Dec-22
      Patched Version ※ Not affect all vendors' product, please contact your vendor.
    • Memory corruption can occur when processing Session Desciption Negotiation for Video Resolution Attribute.

      CVE ID CVE-2023-26496
      Title
      Shannon Baseband:Memory corruption when processing Session Desciption Negotiation for Video Resolution Attribute.
      Affected Product Samsung Baseband Modem Chipset
      Affected Chipset
      Exynos Modem 5123, Exynos Modem 5300,
      Exynos 980, Exynos 1080, Exynos 9110, Exynos Auto T5123
      Severity 8.6 (High)
      Reported Date 19-Dec-2022
      Patched Version ※ Not affect all vendors' product, please contact your vendor.
    • Memory corruption can occur when processing Session Desciption Negotiation for Video Configuration Attribute.

      CVE ID CVE-2023-26497
      Title
      Shannon Baseband: Memory corruption when processing Session Desciption Negotiation for Video Configuration Attribute.
      Affected Product Samsung Baseband Modem Chipset
      Affected Chipset
      Exynos Modem 5123, Exynos Modem 5300,
      Exynos 980, Exynos 1080, Exynos 9110, Exynos Auto T5123
      Severity 8.6 (High)
      Reported Date 19-Dec-2022
      Patched Version ※ Not affect all vendors' product, please contact your vendor.
    • Memory corruption can occur when processing Session Desciption Negotiation for RCS Chat.

      CVE ID CVE-2023-26498
      Title
      Shannon Baseband: Memory corruption when processing Session Desciption Negotiation for RCS Chat.
      Affected Product Samsung Baseband Modem Chipset
      Affected Chipset
      Exynos Modem 5123, Exynos Modem 5300,
      Exynos 980, Exynos 1080, Exynos 9110, Exynos Auto T5123
      Severity 8.6 (High)
      Reported Date 19-Dec-2022
      Patched Version ※ Not affect all vendors' product, please contact your vendor.