Description
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S8 G950FXXU1AQL5. User interaction is required to exploit this vulnerability in that the target must have their cellular radios enabled. The specific flaw exists within the handling of IPCP headers. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the baseband processor. Was ZDI-CAN-5368.
References (1)
Core 1
Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://zerodayinitiative.com/advisories/ZDI-18-1077
Scores
CVSS v3
8.8
EPSS
0.0096
EPSS Percentile
76.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-121
CWE-20
Status
published
Products (1)
samsung/galaxy_s8_firmware
g950fxxu1aql5
Published
Sep 24, 2018
Tracked Since
Feb 18, 2026