Product Security Update
Product Security Update
-
-
Binding wrong resource can occur due to improper handling of parameters while binding network interface
CVE ID CVE-2023-29092 Title Improper handling of parameters while binding network interface Affected Product Exynos Mobile Processor and Modem Affected Chipset Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080 Severity 3.1 (Low) Reported Date 2023-02-07 Patched Version ※ Not affect all vendors' product, please contact your vendor. -
Incorrect resource transfer between spheres can cause unintended querying of SIM status via a crafted application.
CVE ID CVE-2023-31114 Title Incorrect resource transfer between Spheres while broadcasting SIM state in Shannon IMS Affected Product Shannon RCS Affected Chipset Exynos Modem 5123, Exynos Modem 5300 Severity 2.8 (Low) Reported Date 2023-02-25 Patched Version ※ Not affect all vendors' product, please contact your vendor. -
Incorrect resource transfer between spheres can cause changes to the activation mode of RCS via a crafted application.
CVE ID CVE-2023-31115 Title Incorrect resource transfer between Spheres while broadcasting mode information in Shannon RCS Affected Product Shannon RCS Affected Chipset Exynos Modem 5123, Exynos Modem 5300 Severity 2.8 (Low) Reported Date 2023-02-25 Patched Version ※ Not affect all vendors' product, please contact your vendor. -
Incorrect Default Permission can cause unintended querying of RCS capability via a crafted application.
CVE ID CVE-2023-31116 Title Improper default permission on contact capability in Shannon RCS Affected Product Shannon RCS Affected Chipset Exynos Modem 5123, Exynos Modem 5300 Severity 2.8 (Low) Reported Date 2023-02-25 Patched Version ※ Not affect all vendors' product, please contact your vendor.
-
-
-
Integer Overflow in IPv4 fragments handling can occur due to insufficient parameter validation when reassembling IPv4 fragments.
CVE ID CVE-2023-28613 Title Integer overflow when reassembling IPv4 fragments Affected Product Exynos Mobile Processor and Baseband Modem Processor Affected Chipset Exynos 1280, Exynos 2200, Exynos Modem 5300 Severity 6.8 (Medium) Reported Date 2023-01-25 Patched Version ※ Not affect all vendors' product, please contact your vendor. -
Memory corruption can occur due to insufficient parameter validation while decoding SIP URI.
CVE ID CVE-2023-29091 Title Memory corruption when decoding SIP URI Affected Product Exynos Mobile Processor, Automotive Processor and Modem Affected Chipset Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, Exynos Auto T5123 Severity 6.8 (Medium) Reported Date 2023-01-16 Patched Version ※ Not affect all vendors' product, please contact your vendor. -
Memory corruption can occur due to insufficient parameter validation while decoding SIP Via header.
CVE ID CVE-2023-29090 Title Memory corruption when decoding SIP Via header Affected Product Exynos Mobile Processor, Automotive Processor and Modem Affected Chipset Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, Exynos Auto T5123 Severity 6.8 (Medium) Reported Date 2023-01-23 Patched Version ※ Not affect all vendors' product, please contact your vendor. -
Memory corruption can occur due to insufficient parameter validation while decoding SIP status line.
CVE ID CVE-2023-29085 Title Memory corruption when decoding SIP status line Affected Product Exynos Mobile Processor, Automotive Processor and Modem Affected Chipset Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, Exynos Auto T5123 Severity 6.8 (Medium) Reported Date 2023-01-23 Patched Version ※ Not affect all vendors' product, please contact your vendor. -
Memory corruption can occur due to insufficient parameter validation while decoding SIP Session-Expires header.
CVE ID CVE-2023-29088 Title Memory corruption when decoding SIP Session-Expires header Affected Product Exynos Mobile Processor, Automotive Processor and Modem Affected Chipset Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, Exynos Auto T5123 Severity 6.8 (Medium) Reported Date 2023-01-23 Patched Version ※ Not affect all vendors' product, please contact your vendor. -
Memory corruption can occur due to insufficient parameter validation while decoding SIP Retry-After header.
CVE ID CVE-2023-29087 Title Memory corruption when decoding SIP Retry-After header Affected Product Exynos Mobile Processor, Automotive Processor and Modem Affected Chipset Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, Exynos Auto T5123 Severity 6.8 (Medium) Reported Date 2023-01-27 Patched Version ※ Not affect all vendors' product, please contact your vendor. -
Memory corruption can occur due to insufficient parameter validation while decoding SIP Min-SE header.
CVE ID CVE-2023-29086 Title Memory corruption when decoding SIP Min-SE header Affected Product Exynos Mobile Processor, Automotive Processor and Modem Affected Chipset Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, Exynos Auto T5123 Severity 6.8 (Medium) Reported Date 2023-01-27 Patched Version ※ Not affect all vendors' product, please contact your vendor. -
Memory corruption can occur due to insufficient parameter validation while decoding SIP multipart messages.
CVE ID CVE-2023-29089 Title Out of bound read when decoding SIP multipart messages Affected Product Exynos Mobile Processor, Automotive Processor and Modem Affected Chipset Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, Exynos Auto T5123 Severity 6.8 (Medium) Reported Date 2023-01-27 Patched Version ※ Not affect all vendors' product, please contact your vendor.
-
-
-
Heap buffer overflow in 5G MM message codec can occur due to insufficient parameter validation when decoding Emergency number list.
CVE ID CVE-2023-26072 Title Shannon Baseband: Heap buffer overflow in NrmmMsgCodec
when decoding Emergency number listAffected Product Samsung Mobile Chipset and Baseband Modem Chipset Affected ChipsetExynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200,
Exynos Modem 5123, Exynos Modem 5300, Exynos Auto T5123Severity 7.6 (High) Reported Date 15-Dec-22 Patched Version ※ Not affect all vendors' product, please contact your vendor. -
Heap buffer overflow in 5G MM message codec can occur due to insufficient parameter validation when decoding Extended emergency number list.
CVE ID CVE-2023-26073 Title Shannon Baseband: Heap buffer overflow in NrmmMsgCodec
when decoding Extended emergency number listAffected Product Samsung Mobile Chipset and Baseband Modem Chipset Affected ChipsetExynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200,
Exynos Modem 5123, Exynos Modem 5300, Exynos Auto T5123Severity 7.6 (High) Reported Date 15-Dec-22 Patched Version ※ Not affect all vendors' product, please contact your vendor. -
Heap buffer overflow in 5G MM message codec can occur due to insufficient parameter validation when decoding Operator-defined access category definitions.
CVE ID CVE-2023-26074 Title Shannon Baseband: Heap buffer overflow in NrmmMsgCodec
when decoding Operator-defined access category definitionsAffected Product Samsung Mobile Chipset and Baseband Modem Chipset Affected ChipsetExynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200,
Exynos Modem 5123, Exynos Modem 5300, Exynos Auto T5123Severity 7.6 (High) Reported Date 15-Dec-22 Patched Version ※ Not affect all vendors' product, please contact your vendor. -
Intra-object overflow in 5G MM message codec can occur due to insufficient parameter validation when decoding Service Area List.
CVE ID CVE-2023-26075 Title Shannon Baseband: Intra-object overflow in NrmmMsgCodec
when decoding Service Area ListAffected Product Samsung Mobile Chipset and Baseband Modem Chipset Affected ChipsetExynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200,
Exynos Modem 5123, Exynos Modem 5300, Exynos Auto T5123Severity 7.6 (High) Reported Date 15-Dec-22 Patched Version ※ Not affect all vendors' product, please contact your vendor. -
Intra-object overflow in 5G SM message codec can occur due to insufficient parameter validation when decoding reserved options.
CVE ID CVE-2023-26076 Title Shannon Baseband: Intra-object overflow in NrSmPcoCodec
when decoding reserved optionsAffected Product Samsung Mobile Chipset and Baseband Modem Chipset Affected ChipsetExynos 1280, Exynos 2200, Exynos Modem 5123,
Exynos Modem 5300, Exynos Auto T5123Severity 7.6 (High) Reported Date 20-Dec-22 Patched Version ※ Not affect all vendors' product, please contact your vendor. -
Memory corruption can occur when processing Session Desciption Negotiation for Video Resolution Attribute.
CVE ID CVE-2023-26496 Title Shannon Baseband:Memory corruption when processing Session Desciption Negotiation for Video Resolution Attribute.Affected Product Samsung Baseband Modem Chipset Affected ChipsetExynos Modem 5123, Exynos Modem 5300,
Exynos 980, Exynos 1080, Exynos 9110, Exynos Auto T5123Severity 8.6 (High) Reported Date 19-Dec-2022 Patched Version ※ Not affect all vendors' product, please contact your vendor. -
Memory corruption can occur when processing Session Desciption Negotiation for Video Configuration Attribute.
CVE ID CVE-2023-26497 Title Shannon Baseband: Memory corruption when processing Session Desciption Negotiation for Video Configuration Attribute.Affected Product Samsung Baseband Modem Chipset Affected ChipsetExynos Modem 5123, Exynos Modem 5300,
Exynos 980, Exynos 1080, Exynos 9110, Exynos Auto T5123Severity 8.6 (High) Reported Date 19-Dec-2022 Patched Version ※ Not affect all vendors' product, please contact your vendor. -
Memory corruption can occur when processing Session Desciption Negotiation for RCS Chat.
CVE ID CVE-2023-26498 Title Shannon Baseband: Memory corruption when processing Session Desciption Negotiation for RCS Chat.Affected Product Samsung Baseband Modem Chipset Affected ChipsetExynos Modem 5123, Exynos Modem 5300,
Exynos 980, Exynos 1080, Exynos 9110, Exynos Auto T5123Severity 8.6 (High) Reported Date 19-Dec-2022 Patched Version ※ Not affect all vendors' product, please contact your vendor.
-
-
The baseband software does not properly check the format types of accept-type attribute specified by the SDP, which can lead to a denial of service or code execution in Samsung Baseband Modem. Users can disable WiFi calling and VoLTE to mitigate the impact of this vulnerability.
CVE ID CVE-2023-24033 Title Shannon Baseband: Memory corruption when processing SDP attribute accept-type Affected Product Samsung Baseband Modem Chipset Affected Chipset Exynos Modem 5123, Exynos Modem 5300,
Exynos 980, Exynos 1080, Exynos 9110, Exynos Auto T5123Severity 8.6 (High) Reported Date 12-Nov-22 Patched Version ※ Not affect all vendors' product, please contact your vendor.
-
A DLL hijacking vulnerability could allow a local attacker to escalate privileges on affected system.
An attacker must already have user privilege on Windows 7, 10, 11 to exploit this vulnerability.CVE ID CVE-2022-25154 Title DLL hijacking vulnerability Affected Product Samsung portable SSD T5 PC software Affected Version Below 1.6.9 version Severity 7.3 Reported Date 09-Jan-2022 Patched Version 1.6.10