Login Sign Up

CVE-2023-48398

7.5 HIGH

📋 TL;DR

This CVE describes an out-of-bounds read vulnerability in the baseband firmware of certain Android devices. Attackers could potentially read sensitive information from memory, but exploitation requires compromising the baseband firmware first. This primarily affects Google Pixel devices with specific baseband firmware versions.

💻 Affected Systems

Products:
  • Google Pixel devices
Versions: Android security patch level before December 2023
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Requires specific baseband firmware versions; vulnerability is in the baseband processor code, not the main Android OS.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote attacker could read sensitive information from device memory, potentially including authentication tokens, encryption keys, or other protected data, leading to complete device compromise.

🟠

Likely Case

Limited information disclosure from baseband memory, potentially revealing device identifiers or limited system information, but full exploitation requires significant technical capability.

🟢

If Mitigated

With proper security controls and updated firmware, the vulnerability is effectively neutralized with minimal to no impact.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH

Exploitation requires baseband firmware compromise, which is technically challenging and typically requires physical access or specialized equipment.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android security patch level December 2023 or later

Vendor Advisory: https://source.android.com/security/bulletin/pixel/2023-12-01

Restart Required: Yes

Instructions:

1. Go to Settings > System > System update. 2. Check for and install available updates. 3. Restart device when prompted. 4. Verify security patch level is December 2023 or later.

🔧 Temporary Workarounds

Disable baseband debugging

android

Prevents unauthorized access to baseband debugging interfaces

adb shell setprop persist.vendor.radio.adb_log_on 0
adb reboot

🧯 If You Can't Patch

  • Restrict physical access to devices to prevent baseband firmware compromise
  • Implement network segmentation to isolate vulnerable devices from critical systems

🔍 How to Verify

Check if Vulnerable:

Check Settings > About phone > Android version > Android security patch level. If before December 2023, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Android security patch level shows December 2023 or later in Settings > About phone.

📡 Detection & Monitoring

Log Indicators:

  • Unusual baseband processor activity
  • Unexpected memory access patterns in baseband logs

Network Indicators:

  • Anomalous baseband communication patterns
  • Unexpected cellular network interactions

SIEM Query:

source="android_logs" AND (message="*baseband*" OR message="*ProtocolNetAcBarringInfo*") AND severity=ERROR

📊 Metadata

CVE ID: CVE-2023-48398
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-125
Published: December 8, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-48398, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)