CVE-2024-56427

6.5 MEDIUM

📋 TL;DR

This vulnerability in Samsung Exynos processors allows attackers to trigger out-of-bounds memory access by sending malformed RRC (Radio Resource Control) packets. This affects mobile devices and wearables using the listed Exynos chipsets, potentially compromising the modem subsystem.

💻 Affected Systems

Products:

• Samsung Mobile Processor Exynos 980
• Samsung Mobile Processor Exynos 990
• Samsung Mobile Processor Exynos 850
• Samsung Mobile Processor Exynos 1080
• Samsung Mobile Processor Exynos 2100
• Samsung Mobile Processor Exynos 1280
• Samsung Mobile Processor Exynos 2200
• Samsung Mobile Processor Exynos 1330
• Samsung Mobile Processor Exynos 1380
• Samsung Mobile Processor Exynos 1480
• Samsung Mobile Processor Exynos 2400
• Samsung Wearable Processor Exynos 9110
• Samsung Wearable Processor Exynos W920
• Samsung Wearable Processor Exynos W930
• Samsung Wearable Processor Exynos W1000
• Samsung Modem 5123
• Samsung Modem 5300
• Samsung Modem 5400

Versions: All versions prior to security patches

Operating Systems: Android, Wear OS, Tizen

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with these chipsets regardless of manufacturer. The vulnerability is in the modem/baseband firmware.

📦 What is this software?

Exynos 1080 Firmware by Samsung

View all CVEs affecting Exynos 1080 Firmware →

Exynos 1280 Firmware by Samsung

View all CVEs affecting Exynos 1280 Firmware →

Exynos 1330 Firmware by Samsung

View all CVEs affecting Exynos 1330 Firmware →

Exynos 1380 Firmware by Samsung

View all CVEs affecting Exynos 1380 Firmware →

Exynos 1480 Firmware by Samsung

View all CVEs affecting Exynos 1480 Firmware →

Exynos 2100 Firmware by Samsung

View all CVEs affecting Exynos 2100 Firmware →

Exynos 2200 Firmware by Samsung

View all CVEs affecting Exynos 2200 Firmware →

Exynos 2400 Firmware by Samsung

View all CVEs affecting Exynos 2400 Firmware →

Exynos 850 Firmware by Samsung

View all CVEs affecting Exynos 850 Firmware →

Exynos 9110 Firmware by Samsung

View all CVEs affecting Exynos 9110 Firmware →

Exynos 980 Firmware by Samsung

View all CVEs affecting Exynos 980 Firmware →

Exynos 990 Firmware by Samsung

View all CVEs affecting Exynos 990 Firmware →

Exynos Modem 5123 Firmware by Samsung

View all CVEs affecting Exynos Modem 5123 Firmware →

Exynos Modem 5300 Firmware by Samsung

View all CVEs affecting Exynos Modem 5300 Firmware →

Exynos Modem 5400 Firmware by Samsung

View all CVEs affecting Exynos Modem 5400 Firmware →

Exynos W1000 Firmware by Samsung

View all CVEs affecting Exynos W1000 Firmware →

Exynos W920 Firmware by Samsung

View all CVEs affecting Exynos W920 Firmware →

Exynos W930 Firmware by Samsung

View all CVEs affecting Exynos W930 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution on the modem processor leading to device compromise, eavesdropping on communications, or denial of service.

🟠

Likely Case

Modem crash or instability requiring device reboot, potentially disrupting cellular connectivity.

🟢

If Mitigated

Limited impact if network filtering blocks malicious RRC packets before reaching devices.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending specially crafted RRC packets to the target device's modem, typically over cellular networks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Device-specific firmware updates containing modem patches

Vendor Advisory: https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-56427/

Restart Required: Yes

Instructions:

1. Check for device firmware updates from manufacturer. 2. Apply available security updates. 3. Reboot device after update installation.

🔧 Temporary Workarounds

Network filtering

all

Implement network-level filtering to block malformed RRC packets

🧯 If You Can't Patch

• Monitor for unusual modem crashes or connectivity issues
• Consider limiting device exposure to untrusted cellular networks

🔍 How to Verify

Check if Vulnerable:

Copy

Check device firmware version against manufacturer's patched versions list

Check Version:

Copy

Device-specific (e.g., Android: Settings > About phone > Software information)

Verify Fix Applied:

Copy

Confirm device has received latest security updates and modem firmware version matches patched releases

📡 Detection & Monitoring

Log Indicators:

• Modem crash logs
• Unexpected baseband resets
• RRC protocol errors

Network Indicators:

• Unusual RRC packet patterns
• Suspicious cellular network traffic

SIEM Query:

Copy

Search for modem/baseband crash events or RRC protocol anomalies

📊 Metadata

CVE ID: CVE-2024-56427

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE: CWE-125

EPSS Score: 0.08% exploit probability (22.5th percentile)

Published: May 14, 2025

Last Updated: July 1, 2025

🔗 References

• https://semiconductor.samsung.com/support/quality-support/product-security-updates/ Vendor Advisory
• https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-56427/ Vendor Advisory

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-56427, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)

CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)

CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)