CVE-2023-26076

HIGH

Samsung Mobile Chipset - Buffer Overflow

Title source: llm

Description

An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. An intra-object overflow in the 5G SM message codec can occur due to insufficient parameter validation when decoding reserved options.

References (5)

Core 5

Core References

Various Sources

https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html

Product

https://semiconductor.samsung.com/processor/mobile-processor/

Product

https://semiconductor.samsung.com/processor/modem/

Vendor Advisory

https://semiconductor.samsung.com/support/quality-support/product-security-updates/

Exploit, Third Party Advisory

http://packetstormsecurity.com/files/171400/Shannon-Baseband-NrSmPcoCodec-Intra-Object-Overflow.html

Scores

CVSS v3 7.6

EPSS 0.0068

EPSS Percentile 71.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-120

Status published

Products (5)

samsung/exynos_1280_firmware

samsung/exynos_2200_firmware

samsung/exynos_auto_t5123_firmware

samsung/exynos_modem_5123_firmware

samsung/exynos_modem_5300_firmware

Published Mar 13, 2023

Tracked Since Feb 18, 2026