CVE-2024-39343 – A vulnerability in Samsung Exynos baseband soft... (How to Fix)

Q: What is the severity of CVE-2024-39343?

CVE-2024-39343 has a CVSS score of 7.0 (HIGH). A vulnerability in Samsung Exynos baseband software allows denial of service attacks by exploiting improper length validation in the Mobility Management module. This affects Samsung mobile devices and wearables using the listed Exynos processors. Attackers could disrupt cellular connectivity on vulnerable devices.

📋 TL;DR

A vulnerability in Samsung Exynos baseband software allows denial of service attacks by exploiting improper length validation in the Mobility Management module. This affects Samsung mobile devices and wearables using the listed Exynos processors. Attackers could disrupt cellular connectivity on vulnerable devices.

💻 Affected Systems

Products:

Samsung Mobile Processor Exynos 2100
Samsung Mobile Processor Exynos 1280
Samsung Mobile Processor Exynos 2200
Samsung Mobile Processor Exynos 1330
Samsung Mobile Processor Exynos 1380
Samsung Mobile Processor Exynos 1480
Samsung Mobile Processor Exynos 2400
Samsung Wearable Processor Exynos 9110
Samsung Modem 5123
Samsung Modem 5300

Versions: All versions prior to security patches

Operating Systems: Android, Wear OS

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices using these processors regardless of Android version or device model.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete loss of cellular connectivity requiring device reboot, potentially affecting emergency communications.

🟠

Likely Case

Temporary service disruption affecting voice, SMS, and data services until device recovers or reboots.

🟢

If Mitigated

Minimal impact with proper network segmentation and monitoring for anomalous baseband behavior.

🌐 Internet-Facing: MEDIUM - Requires proximity to target or network access to cellular infrastructure.

🏢 Internal Only: LOW - Primarily affects individual devices rather than internal networks.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires specialized knowledge of cellular protocols and baseband exploitation. Likely requires proximity to target or network-level access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Latest security updates from Samsung

Vendor Advisory: https://semiconductor.samsung.com/support/quality-support/product-security-updates/

Restart Required: No

Instructions:

1. Check for Samsung security updates in device settings. 2. Install all available updates. 3. For enterprise devices, deploy updates through MDM solutions. 4. Verify baseband firmware version after update.

🔧 Temporary Workarounds

Network-level monitoring

all

Monitor for anomalous baseband behavior and cellular service disruptions

🧯 If You Can't Patch

Isolate vulnerable devices on separate network segments
Implement strict monitoring for cellular service disruptions

🔍 How to Verify

Check if Vulnerable:

Check device settings > About phone > Baseband version against Samsung security bulletins

Check Version:

Android: Settings > About phone > Baseband version

Verify Fix Applied:

Verify baseband firmware has been updated to latest version and check Samsung security bulletins for patch confirmation

📡 Detection & Monitoring

Log Indicators:

Unexpected baseband resets
Cellular service disconnections
MM module error messages

Network Indicators:

Abnormal cellular protocol messages
Unexpected device deregistrations from network

SIEM Query:

source="android_logs" AND ("baseband" OR "modem") AND ("error" OR "reset" OR "crash")

📊 Metadata

CVE ID: CVE-2024-39343

CVSS v3 Score: 7.0 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE: CWE-1284

Published: December 2, 2024

Last Updated: July 1, 2025

🔗 References

https://semiconductor.samsung.com/support/quality-support/product-security-updates/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-39343, you might also want to check these: