CVE-2023-26496

8.6 HIGH

📋 TL;DR

This vulnerability allows memory corruption in Samsung baseband chipsets due to improper parameter length checking while parsing SDP fmtp attributes. Attackers could potentially execute arbitrary code or cause denial of service on affected devices. This affects devices using Samsung Exynos 5123, 5300, 980, 1080, and Auto T5124 baseband modems.
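The bug class named above, shown from the defensive side as an added example: a parser for the parameter list of an SDP `a=fmtp` attribute that checks every length before copying. This is not Samsung's code and does not reproduce the affected firmware; the function names, struct and size limits are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FMTP_MAX_PARAMS 8   /* assumed limits, chosen for this example */
#define FMTP_NAME_MAX   32
#define FMTP_VALUE_MAX  64

struct fmtp_param { char name[FMTP_NAME_MAX]; char value[FMTP_VALUE_MAX]; };

/* Copy src[0..len) into dst only if it fits together with its NUL. */
static int copy_bounded(char *dst, size_t cap, const char *src, size_t len)
{
    if (len == 0 || len >= cap) return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Parse "name=value;name=value" (the text after the payload type in a=fmtp).
 * Returns the parameter count, or -1 when the input is rejected. */
int fmtp_parse(const char *s, size_t len, struct fmtp_param *out, size_t max)
{
    size_t n = 0, pos = 0;
    while (pos < len) {
        while (pos < len && (s[pos] == ';' || s[pos] == ' ')) pos++;
        if (pos == len) break;                  /* only separators were left */
        size_t end = pos;
        while (end < len && s[end] != ';') end++;   /* end of this parameter */
        const char *eq = memchr(s + pos, '=', end - pos);
        if (eq == NULL || n == max)             /* malformed, or table full */
            return -1;
        size_t name_len = (size_t)(eq - (s + pos));
        size_t value_len = (size_t)((s + end) - (eq + 1));
        if (copy_bounded(out[n].name, FMTP_NAME_MAX, s + pos, name_len) ||
            copy_bounded(out[n].value, FMTP_VALUE_MAX, eq + 1, value_len))
            return -1;                          /* over-long or empty field */
        n++;
        pos = end;
    }
    return (int)n;
}

int main(void)
{
    struct fmtp_param p[FMTP_MAX_PARAMS];
    const char *line = "profile-level-id=42e01f;packetization-mode=1"; /* constructed */
    printf("%d parameters\n", fmtp_parse(line, strlen(line), p, FMTP_MAX_PARAMS));
    return 0;
}
```

The input length is passed explicitly, so the parser never reads past the attribute even when the buffer is not NUL-terminated, and a rejected line leaves no partially trusted output to act on.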

💻 Affected Systems

Products:
  • Samsung Exynos Modem 5123
  • Samsung Exynos Modem 5300
  • Samsung Exynos 980
  • Samsung Exynos 1080
  • Samsung Exynos Auto T5124
Versions: All versions prior to vendor patches
Operating Systems: Android, Embedded systems using affected chipsets
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices from multiple manufacturers using these Samsung baseband chipsets, not just Samsung phones.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution on the baseband processor allowing complete device compromise, interception of cellular communications, and persistent backdoor installation.

🟠 Likely Case

Denial of service causing loss of cellular connectivity, with potential for limited code execution within baseband constraints.

🟢 If Mitigated

Baseband crash requiring device reboot, temporary loss of cellular service until restart.

🌐 Internet-Facing: HIGH - Baseband processors handle cellular network traffic directly from external sources.
🏢 Internal Only: LOW - This vulnerability requires cellular network interaction, not internal network access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending specially crafted SDP messages over cellular networks. No public exploit code was available at disclosure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Vendor-specific firmware updates

Vendor Advisory: https://semiconductor.samsung.com/support/quality-support/product-security-updates/

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware updates.
2. Apply baseband firmware update through device settings or manufacturer tools.
3. Reboot device after update completion.

🔧 Temporary Workarounds

Disable vulnerable SDP features

all

Restrict SDP parsing capabilities in baseband configuration if supported by device firmware.

Network filtering

all

Implement cellular network filtering for malicious SDP packets at carrier level.

🧯 If You Can't Patch

  • Isolate affected devices from untrusted cellular networks when possible
  • Monitor for baseband crashes or unusual cellular connectivity issues

🔍 How to Verify

Check if Vulnerable:

Check device specifications for affected Exynos modem chipsets and verify firmware version against manufacturer security bulletins.

Check Version:

Android: Settings > About phone > Baseband version; Other devices: Manufacturer-specific diagnostic tools

Verify Fix Applied:

Confirm baseband firmware version has been updated to patched version from manufacturer.

📡 Detection & Monitoring

Log Indicators:

  • Baseband crash logs
  • Unexpected modem resets
  • Cellular connectivity loss events

Network Indicators:

  • Malformed SDP packets in cellular traffic
  • Unusual SDP attribute parsing attempts

SIEM Query:

Baseband logs containing 'crash', 'reset', or 'SDP error' for affected chipset models