CVE-2023-26074
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code on affected Samsung mobile devices via a heap-based buffer overflow in the 5G modem firmware. Attackers can exploit this by sending specially crafted 5G network messages to trigger the overflow. Affected devices include Samsung smartphones and automotive systems using the listed Exynos chipsets.
💻 Affected Systems
- Samsung Mobile Chipset
- Samsung Baseband Modem Chipset
- Exynos 850
- Exynos 980
- Exynos 1080
- Exynos 1280
- Exynos 2200
- Exynos Modem 5123
- Exynos Modem 5300
- Exynos Auto T5123
⚠️ Risk & Real-World Impact
Worst Case
Complete device compromise with remote code execution at baseband level, allowing attackers to intercept communications, install persistent malware, or disable the device.
Likely Case
Remote code execution on the baseband processor, potentially leading to call/SMS interception, location tracking, or device instability.
If Mitigated
Limited impact if devices are patched or network-level protections block malicious 5G messages.
🎯 Exploit Status
Project Zero has published a detailed analysis and a proof of concept. Exploitation requires knowledge of the 5G protocol and of baseband internals.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Vendor-specific firmware updates
Vendor Advisory: https://semiconductor.samsung.com/support/quality-support/product-security-updates/
Restart Required: Yes
Instructions:
1. Check for Samsung security updates in device settings
2. Apply available firmware updates
3. Reboot device after update installation
4. Verify baseband version has been updated
🔧 Temporary Workarounds
Disable 5G connectivity
Android: Switch to 4G/LTE-only mode to prevent exploitation via 5G networks
Settings > Connections > Mobile networks > Network mode > LTE/3G/2G
Enable airplane mode when not using cellular
Android: Disable all wireless radios when cellular connectivity is not needed
Settings > Connections > Airplane mode
🧯 If You Can't Patch
- Isolate affected devices from untrusted cellular networks when possible
- Monitor for unusual baseband behavior or device instability
🔍 How to Verify
Check if Vulnerable:
Check baseband version in Settings > About phone > Software information > Baseband version and compare against Samsung security bulletins
Check Version:
adb shell getprop gsm.version.baseband
Verify Fix Applied:
Verify baseband version has been updated to a version mentioned in Samsung's security advisory
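The version check above, scripted for every adb-attached device at once (an added example, not part of the original advisory). The fixed-builds file is an assumption: the operator fills it, one baseband build string per line, from Samsung's security bulletins, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag attached devices whose baseband build is not on an
# operator-maintained list of fixed builds.
# Assumption: the list file holds one fixed baseband build string per line,
# copied by the operator from Samsung's security bulletins.

# classify_baseband <reported-version> <fixed-list-file>
# Prints FIXED only if every reported build is listed, REVIEW if any build is
# not listed, UNKNOWN if the property was empty.
classify_baseband() {
    reported=$1
    list=$2
    seen=0
    # Multi-SIM devices can report a comma-separated value, one build per
    # slot; older adb versions append a carriage return to shell output.
    for part in $(printf '%s' "$reported" | tr ',\r' '  '); do
        seen=1
        # -F literal, -x whole line: a prefix of a fixed build must not pass.
        grep -Fxq -- "$part" "$list" || { echo REVIEW; return 0; }
    done
    if [ "$seen" -eq 1 ]; then echo FIXED; else echo UNKNOWN; fi
}

# audit_devices <fixed-list-file>
# One tab-separated line per device: serial, verdict, patch level, baseband.
audit_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null stops adb from swallowing the remaining serial list.
        bb=$(adb -s "$serial" shell getprop gsm.version.baseband </dev/null)
        patch=$(adb -s "$serial" shell getprop ro.build.version.security_patch \
            </dev/null | tr -d '\r')
        verdict=$(classify_baseband "$bb" "$1")
        printf '%s\t%s\t%s\t%s\n' "$serial" "$verdict" "$patch" "$bb"
    done
}

# Usage: sh audit_baseband.sh fixed_basebands.txt
[ "$#" -eq 0 ] || audit_devices "$1"
```

A REVIEW verdict means only that the build is not on the list; compare it against the vendor advisory before treating the device as vulnerable.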
📡 Detection & Monitoring
Log Indicators:
- Baseband crash logs
- Unexpected modem resets
- 5G connection failures
Network Indicators:
- Unusual 5G signaling patterns
- Malformed 5G MM messages
SIEM Query:
Device logs showing baseband crashes OR modem subsystem errors within 5G network context
🔗 References
- http://packetstormsecurity.com/files/171383/Shannon-Baseband-NrmmMsgCodec-Access-Category-Definitions-Heap-Buffer-Overflow.html
- https://bugs.chromium.org/p/project-zero/issues/detail?id=2397
- https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html
- https://semiconductor.samsung.com/processor/mobile-processor/
- https://semiconductor.samsung.com/processor/modem/
- https://semiconductor.samsung.com/support/quality-support/product-security-updates/
- https://project-zero.issues.chromium.org/issues/42451536