CVE-2023-28613

MEDIUM

Samsung Exynos 1280, Exynos 2200, and Exynos Modem 5300 Firmware - Integer Overflow in IPv4 Fragment Reassembly

Title source: llm

Description

An issue was discovered in Samsung Exynos Mobile Processor and Baseband Modem Processor for Exynos 1280, Exynos 2200, and Exynos Modem 5300. An integer overflow in IPv4 fragment handling can occur due to insufficient parameter validation when reassembling these fragments.

References (4)

Core 4

Core References

Product

https://semiconductor.samsung.com/processor/mobile-processor/

Product

https://semiconductor.samsung.com/processor/modem/

Vendor Advisory

https://semiconductor.samsung.com/support/quality-support/product-security-updates/

Exploit, Third Party Advisory

http://packetstormsecurity.com/files/172177/Shannon-Baseband-Integer-Overflow.html

Scores

CVSS v3 6.8

EPSS 0.0102

EPSS Percentile 77.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-190

Status published

Products (3)

samsung/exynos_1280_firmware

samsung/exynos_2200_firmware

samsung/exynos_modem_5300_firmware

Published Apr 04, 2023

Tracked Since Feb 18, 2026