// For flags

CVE-2023-26075

Shannon Baseband NrmmMsgCodec Intra-Object Overflow

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. An intra-object overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding the Service Area List.

There is an intra-object overflow in Shannon Baseband, inside the 5G MM protocol implementation (NrmmMsgCodec as it is called in Shannon according to debug strings), specifically when handling the Service Area List message (IEI = 0x27).

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-02-19 CVE Reserved
  • 2023-03-10 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-10-29 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Samsung
Search vendor "Samsung"
Exynos 850 Firmware
Search vendor "Samsung" for product "Exynos 850 Firmware"
--
Affected
in Samsung
Search vendor "Samsung"
Exynos 850
Search vendor "Samsung" for product "Exynos 850"
--
Safe
Samsung
Search vendor "Samsung"
Exynos 980 Firmware
Search vendor "Samsung" for product "Exynos 980 Firmware"
--
Affected
in Samsung
Search vendor "Samsung"
Exynos 980
Search vendor "Samsung" for product "Exynos 980"
--
Safe
Samsung
Search vendor "Samsung"
Exynos 1080 Firmware
Search vendor "Samsung" for product "Exynos 1080 Firmware"
--
Affected
in Samsung
Search vendor "Samsung"
Exynos 1080
Search vendor "Samsung" for product "Exynos 1080"
--
Safe
Samsung
Search vendor "Samsung"
Exynos 1280 Firmware
Search vendor "Samsung" for product "Exynos 1280 Firmware"
--
Affected
in Samsung
Search vendor "Samsung"
Exynos 1280
Search vendor "Samsung" for product "Exynos 1280"
--
Safe
Samsung
Search vendor "Samsung"
Exynos 2200 Firmware
Search vendor "Samsung" for product "Exynos 2200 Firmware"
--
Affected
in Samsung
Search vendor "Samsung"
Exynos 2200
Search vendor "Samsung" for product "Exynos 2200"
--
Safe
Samsung
Search vendor "Samsung"
Exynos Modem 5123 Firmware
Search vendor "Samsung" for product "Exynos Modem 5123 Firmware"
--
Affected
in Samsung
Search vendor "Samsung"
Exynos Modem 5123
Search vendor "Samsung" for product "Exynos Modem 5123"
--
Safe
Samsung
Search vendor "Samsung"
Exynos Modem 5300 Firmware
Search vendor "Samsung" for product "Exynos Modem 5300 Firmware"
--
Affected
in Samsung
Search vendor "Samsung"
Exynos Modem 5300
Search vendor "Samsung" for product "Exynos Modem 5300"
--
Safe
Samsung
Search vendor "Samsung"
Exynos Auto T5123 Firmware
Search vendor "Samsung" for product "Exynos Auto T5123 Firmware"
--
Affected
in Samsung
Search vendor "Samsung"
Exynos Auto T5123
Search vendor "Samsung" for product "Exynos Auto T5123"
--
Safe
Samsung
Search vendor "Samsung"
Exynos W920 Firmware
Search vendor "Samsung" for product "Exynos W920 Firmware"
--
Affected
in Samsung
Search vendor "Samsung"
Exynos W920
Search vendor "Samsung" for product "Exynos W920"
--
Safe