CVE-2024-29153
📋 TL;DR
This vulnerability in Samsung Exynos processors and modems allows attackers to exploit incorrect LTE NAS message authorization, forcing devices to downgrade to older network generations and enabling repeated denial-of-service attacks. It affects Samsung mobile devices, wearables, and modems using the listed Exynos chipsets. The vulnerability is network-based and can be exploited remotely.
💻 Affected Systems
- Samsung Mobile Processor
- Samsung Wearable Processor
- Samsung Modems
⚠️ Risk & Real-World Impact
Worst Case
Attackers could persistently disrupt cellular connectivity for affected devices, causing service outages, draining battery through repeated connection attempts, and potentially enabling man-in-the-middle attacks by forcing connections to less secure network generations.
Likely Case
Targeted denial-of-service attacks against specific devices or groups of devices, causing temporary loss of cellular connectivity and increased battery consumption.
If Mitigated
Limited impact with proper network monitoring and timely patching, though some service disruption may still occur during attack attempts.
🎯 Exploit Status
Exploitation requires sending specially crafted LTE NAS messages to the target device. No authentication is required as the attack occurs at the network protocol level.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Samsung security updates for specific device firmware versions
Vendor Advisory: https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-29153/
Restart Required: Yes
Instructions:
1. Check for available firmware updates on affected Samsung devices.
2. Apply the latest security update from Samsung.
3. Restart the device after update installation.
4. Verify the update was successful by checking the firmware version.
🔧 Temporary Workarounds
Disable LTE/5G connectivity (Android)
Force the device to use older network technologies (3G/2G) that are not vulnerable to this specific attack
Enable airplane mode when not needed (all platforms)
Temporarily disable all cellular connectivity to prevent exploitation
🧯 If You Can't Patch
- Monitor for unusual network downgrade events and repeated connection attempts in cellular network logs
- Implement network-level filtering for suspicious LTE NAS messages if possible through carrier infrastructure
🔍 How to Verify
Check if Vulnerable:
Check device model and chipset information in Settings > About Phone > Hardware Information. If using an affected Exynos chipset, the device is vulnerable.
Check Version:
Settings > About Phone > Software Information > Build Number / Baseband Version
Verify Fix Applied:
Check firmware version after update and verify it's newer than the vulnerable versions listed in Samsung's security advisory.
📡 Detection & Monitoring
Log Indicators:
- Repeated network generation downgrades in cellular logs
- Abnormal LTE NAS message patterns
- Frequent connection resets
Network Indicators:
- Unusual LTE control plane traffic patterns
- Suspicious NAS messages forcing network downgrades
SIEM Query:
Search for cellular network logs showing repeated RRC connection releases followed by downgrades to 3G/2G
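The search described above can be prototyped offline before it is translated into a SIEM rule. The following is an added example, not part of the original advisory or any Samsung tooling: the log format, the field names (`dev`, `event`, `from`, `to`) and the thresholds are assumptions and must be mapped to whatever your modem or carrier telemetry actually emits.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events. The line format and field names are assumptions,
# not a real modem or carrier log schema.
SAMPLE_LOG = """\
2024-06-01T10:00:00 dev=A event=RRC_RELEASE
2024-06-01T10:00:02 dev=A event=RAT_CHANGE from=LTE to=3G
2024-06-01T10:01:00 dev=B event=RRC_RELEASE
2024-06-01T10:01:03 dev=B event=RAT_CHANGE from=LTE to=3G
2024-06-01T10:02:00 dev=A event=RAT_CHANGE from=3G to=LTE
2024-06-01T10:02:30 dev=A event=RRC_RELEASE
2024-06-01T10:02:31 dev=A event=RAT_CHANGE from=LTE to=2G
2024-06-01T10:04:20 dev=A event=RRC_RELEASE
2024-06-01T10:04:22 dev=A event=RAT_CHANGE from=LTE to=3G
2024-06-01T10:05:00 dev=C event=RRC_RELEASE
"""
LEGACY_RATS = {"2G", "3G"}

def parse(line):
    """Split 'timestamp key=value ...' into a dict with a parsed 'ts'."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec

def find_downgrade_loops(lines, follow=timedelta(seconds=10),
                         window=timedelta(minutes=10), threshold=3):
    """Return {device: time the threshold was first reached}."""
    last_release = {}            # device -> time of most recent RRC release
    hits = defaultdict(deque)    # device -> times of release->downgrade pairs
    flagged = {}
    for line in filter(str.strip, lines):
        rec = parse(line)
        dev, ts = rec["dev"], rec["ts"]
        if rec["event"] == "RRC_RELEASE":
            last_release[dev] = ts
        elif (rec["event"] == "RAT_CHANGE" and rec.get("from") == "LTE"
              and rec.get("to") in LEGACY_RATS):
            released = last_release.pop(dev, None)
            if released is None or ts - released > follow:
                continue         # downgrade not tied to a recent release
            q = hits[dev]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()      # keep only pairs inside the sliding window
            if len(q) >= threshold:
                flagged.setdefault(dev, ts)
    return flagged
```

Calling `find_downgrade_loops(SAMPLE_LOG.splitlines())` flags only device A; device B's single release-then-downgrade stays below the threshold, which keeps ordinary coverage-driven fallbacks from alerting.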
🔗 References
- https://semiconductor.samsung.com/support/quality-support/product-security-updates/
- https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-29153/