CVE-2024-29152
📋 TL;DR
Samsung Exynos baseband software does not properly check the states specified by RRC Reconfiguration messages, which can lead to disclosure of sensitive information. This affects Samsung mobile devices, wearables, and modems using the listed Exynos processors. Attackers could exploit this to access protected data transmitted over cellular networks.
💻 Affected Systems
- Samsung Mobile Processor
- Samsung Wearable Processor
- Samsung Modem Exynos 980
- Exynos 990
- Exynos 1080
- Exynos 2100
- Exynos 2200
- Exynos 1280
- Exynos 1380
- Exynos 1330
- Exynos 2400
- Exynos Modem 5123
- Exynos Modem 5300
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of cellular communications including interception of voice calls, SMS messages, and mobile data containing sensitive personal or corporate information.
Likely Case
Limited information disclosure of cellular network metadata or partial data interception depending on network conditions and attacker proximity.
If Mitigated
Minimal impact with proper network segmentation, encrypted communications, and updated firmware preventing successful exploitation.
🎯 Exploit Status
Exploitation requires specialized knowledge of cellular protocols and proximity to target device. No public exploits available at disclosure.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Device-specific firmware updates from Samsung
Vendor Advisory: https://semiconductor.samsung.com/support/quality-support/product-security-updates/
Restart Required: Yes
Instructions:
1. Check for device firmware updates in Settings > Software Update.
2. Install available updates.
3. Restart device after installation.
4. Verify update completion in About Phone > Software Information.
🔧 Temporary Workarounds
Disable vulnerable cellular bands
Android: Temporarily disable affected cellular frequency bands if supported by device
*#*#4636#*#* > Phone Information > Set preferred network type
Use Wi-Fi calling
Android: Route cellular communications through encrypted Wi-Fi networks when available
Settings > Connections > Wi-Fi Calling > Enable
🧯 If You Can't Patch
- Isolate affected devices on separate network segments with strict firewall rules
- Implement additional encryption layers for all cellular communications using VPN or secure messaging apps
🔍 How to Verify
Check if Vulnerable:
Check device model and baseband version in Settings > About Phone > Software Information. Compare with Samsung security bulletins.
Check Version:
adb shell getprop | grep -i baseband
Verify Fix Applied:
Verify baseband firmware version matches patched versions listed in Samsung security updates. Check that May 2024 or later security patches are installed.
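The two checks above can be scripted over `adb shell getprop` output. This is an added example, not Samsung tooling or part of the original advisory; it assumes the standard Android properties `gsm.version.baseband` and `ro.build.version.security_patch`, reads "May 2024 or later" as a patch level of at least 2024-05-01, and uses constructed sample values.

```shell
#!/bin/sh
# Added example (not vendor tooling): audit `adb shell getprop` output.
# MIN_PATCH encodes the page's "May 2024 or later"; the day "01" is an assumption.
MIN_PATCH="2024-05-01"

# Constructed sample output, not captured from a real device.
SAMPLE_PROPS='[gsm.version.baseband]: [EXAMPLE-BASEBAND-0001]
[ro.build.version.security_patch]: [2024-03-01]
[ro.product.model]: [EXAMPLE-MODEL]'

# get_prop NAME: read getprop-format lines on stdin, print NAME's value.
get_prop() {
    sed -n "s/^\[$1\]: \[\(.*\)\]\$/\1/p" | head -n 1
}

# audit_props: read getprop output on stdin, print a one-line verdict.
# status is PATCHED, OUTDATED, or UNKNOWN (property missing or malformed).
audit_props() {
    props=$(tr -d '\r')            # adb output can carry CRLF line endings
    baseband=$(printf '%s\n' "$props" | get_prop gsm.version.baseband)
    level=$(printf '%s\n' "$props" | get_prop ro.build.version.security_patch)
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9])
            # ISO dates sort lexically, so the older of the two sorts first.
            oldest=$(printf '%s\n%s\n' "$level" "$MIN_PATCH" | LC_ALL=C sort | head -n 1)
            if [ "$oldest" = "$MIN_PATCH" ]; then status=PATCHED; else status=OUTDATED; fi ;;
        *) status=UNKNOWN ;;
    esac
    printf 'baseband=%s patch=%s status=%s\n' \
        "${baseband:-unknown}" "${level:-unknown}" "$status"
}

# Demo on the constructed sample; for a device: adb shell getprop | audit_props
printf '%s\n' "$SAMPLE_PROPS" | audit_props
```

The patch-level comparison is automated; the printed baseband string still has to be compared by hand against the versions listed in the Samsung security updates.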
📡 Detection & Monitoring
Log Indicators:
- Unusual RRC state transitions in baseband logs
- Multiple failed RRC reconfiguration attempts
- Abnormal cellular protocol messages
Network Indicators:
- Suspicious cellular traffic patterns
- Unexpected RRC reconfiguration messages from unknown base stations
- Anomalous signal strength variations
SIEM Query:
source="baseband_logs" AND ("RRC reconfiguration" OR "state violation")