CVE-2023-29089 - OpenCVE

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding SIP multipart messages.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Samsung	Exynos 1080 Exynos 1080 Firmware Exynos 5123 Exynos 5123 Firmware Exynos 5300 Exynos 5300 Firmware Exynos 9110 Exynos 9110 Firmware Exynos 980 Exynos 980 Firmware Exynos Auto T5123 Exynos Auto T5123 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:samsung:exynos_5300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_5300:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:samsung:exynos_5123_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_5123:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:samsung:exynos_9110_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_9110:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:samsung:exynos_1080_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_1080:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:samsung:exynos_auto_t5123_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_auto_t5123:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/172292/Shannon-Baseband-Negative-Size-Memcpy-Out-Of-Bounds-Read.html
https://semiconductor.samsung.com/support/quality-support/product-security-updates/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-04-14T00:00:00

Updated: 2024-08-02T14:00:15.358Z

Reserved: 2023-03-31T00:00:00

Link: CVE-2023-29089

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-04-14T21:15:08.400

Modified: 2023-05-11T18:15:14.927

Link: CVE-2023-29089

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:exynos_5300_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6E2E6EE0-4271-43A3-9439-49F332D1FE1C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_5300:-:*:*:*:*:*:*:*", "matchCriteriaId": "2F9B26D9-AA50-4652-AFC0-A6AC966B4770", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:exynos_5123_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "EFFB4DF2-B55C-45BD-9073-56299E19B6DE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_5123:-:*:*:*:*:*:*:*", "matchCriteriaId": "A5954D95-E12B-487D-9744-361566788A2D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F18F62E-2012-442E-BE60-6E76325D1824", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D8701B6-6989-44D1-873A-A1823BFD7CCC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:exynos_9110_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1896BFF-D709-481B-AD4F-37D1A8B30C06", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_9110:-:*:*:*:*:*:*:*", "matchCriteriaId": "E6748EF2-3C63-41CD-B3D1-4B3FEC614B40", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:exynos_1080_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "43DE4D6F-D662-46F2-93BC-9AE950320BDE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_1080:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE06CD56-8BFD-4208-843A-179E3E6F5C10", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:exynos_auto_t5123_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D4F27BAE-A171-42BF-BAC5-90922780525A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_auto_t5123:-:*:*:*:*:*:*:*", "matchCriteriaId": "5A1895B4-8B31-492E-B4D8-4DC5130C536A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding SIP multipart messages."}], "id": "CVE-2023-29089", "lastModified": "2023-05-11T18:15:14.927", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.0, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2023-04-14T21:15:08.400", "references": [{"source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/172292/Shannon-Baseband-Negative-Size-Memcpy-Out-Of-Bounds-Read.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}