CVE-2023-31116 – This vulnerability in Samsung Exynos modem chip... (How to Fix)

Q: What is the severity of CVE-2023-31116?

CVE-2023-31116 has a CVSS score of 9.8 (CRITICAL). This vulnerability in Samsung Exynos modem chips allows malicious applications to query RCS (Rich Communication Services) capabilities without proper authorization. It affects devices using Exynos 5123 and 5300 modems, primarily Samsung mobile devices and potentially other devices incorporating these chips.

📋 TL;DR

This vulnerability in Samsung Exynos modem chips allows malicious applications to query RCS (Rich Communication Services) capabilities without proper authorization. It affects devices using Exynos 5123 and 5300 modems, primarily Samsung mobile devices and potentially other devices incorporating these chips.

💻 Affected Systems

Products:

Samsung devices with Exynos 5123 modem
Samsung devices with Exynos 5300 modem

Versions: All versions prior to patch

Operating Systems: Android with affected modem firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the modem/baseband processor, not the main OS. Requires malicious app with appropriate permissions.

📦 What is this software?

Exynos 5123 Firmware by Samsung

View all CVEs affecting Exynos 5123 Firmware →

Exynos 5300 Firmware by Samsung

View all CVEs affecting Exynos 5300 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Malicious apps could access sensitive RCS capabilities information, potentially enabling further attacks on communication services or user privacy compromise.

🟠

Likely Case

Unauthorized apps querying RCS capabilities to gather information about device communication features for profiling or targeted attacks.

🟢

If Mitigated

Limited information leakage with no direct code execution or system compromise.

🌐 Internet-Facing: MEDIUM - Requires malicious app installation but could be distributed via app stores.

🏢 Internal Only: LOW - Primarily affects mobile devices rather than internal enterprise systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires crafting a malicious application that can interact with the modem component.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Vendor-specific modem firmware updates

Vendor Advisory: https://semiconductor.samsung.com/support/quality-support/product-security-updates/

Restart Required: Yes

Instructions:

1. Check for device manufacturer updates 2. Apply modem/baseband firmware updates 3. Restart device 4. Verify update applied

🔧 Temporary Workarounds

Restrict app permissions

android

Limit which apps have access to telephony/RCS features

Source control

android

Only install apps from trusted sources like official app stores

🧯 If You Can't Patch

Isolate affected devices from sensitive networks
Monitor for suspicious app behavior and RCS queries

🔍 How to Verify

Check if Vulnerable:

Check modem/baseband version in device settings > About phone > Software information

Check Version:

Settings vary by device; typically in About Phone > Software Information

Verify Fix Applied:

Verify modem firmware version matches patched version from vendor advisory

📡 Detection & Monitoring

Log Indicators:

Unusual RCS capability queries from apps
Modem/baseband access attempts from non-system apps

Network Indicators:

Unexpected RCS protocol traffic from mobile devices

SIEM Query:

Search for modem/RCS access events from non-privileged applications

📊 Metadata

CVE ID: CVE-2023-31116

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-276

Published: June 7, 2023

Last Updated: January 7, 2025

🔗 References

https://semiconductor.samsung.com/support/quality-support/product-security-updates/ Vendor Advisory
https://semiconductor.samsung.com/support/quality-support/product-security-updates/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-31116, you might also want to check these: