Vulnerability in Samsung Exynos wireless modules exploited via the Internet

Researchers from the Google Project Zero team reported the discovery of 18 vulnerabilities in Samsung Exynos 5G/LTE/GSM modems. The four most dangerous vulnerabilities (CVE-2023-24033) allow code execution at the baseband chip level via manipulation from external Internet networks. According to representatives of Google Project Zero, with a little additional research, skilled attackers will be able to quickly prepare a working exploit that makes it possible to remotely gain control at the wireless module level, knowing only the victim's phone number. The attack can be carried out unnoticed by the user and does not require any action on their part.

The remaining 14 vulnerabilities have a lower severity level, since the attack requires access to the infrastructure of the mobile network operator or local access to the user's device. With the exception of the CVE-2023-24033 vulnerability, for which a fix was shipped in the March firmware update for Google Pixel devices, the issues remain unpatched. The only thing known about the CVE-2023-24033 vulnerability is that it is caused by incorrect checking of the format of the "accept-type" attribute transmitted in SDP (Session Description Protocol) messages.

Until the vulnerabilities are fixed by manufacturers, users are advised to disable VoLTE (Voice-over-LTE) support and Wi-Fi calling in the device settings. The vulnerabilities affect devices equipped with Exynos chips, for example Samsung smartphones (S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04), Vivo (S16, S15, S6, X70, X60 and X30), Google Pixel (6 and 7), as well as wearable devices based on the Exynos W920 chipset and automotive systems with the Exynos Auto T5123 chip.

Due to the severity of the vulnerabilities and the realistic prospect that an exploit will appear quickly, Google decided to make an exception for the 4 most dangerous problems and postpone the disclosure of details about their nature. For the other vulnerabilities, the usual disclosure schedule will be followed: 90 days after the manufacturer is notified (information about vulnerabilities CVE-2023-26072, CVE-2023-26073, CVE-2023-26074, CVE-2023-26075 and CVE-2023-26076 is already available in the bug tracking system, and for the remaining 9 issues the 90-day wait has not yet expired). The reported vulnerabilities CVE-2023-2607* are caused by a buffer overflow when decoding certain options and lists in the NrmmMsgCodec and NrSmPcoCodec codecs.

Source: opennet.ru