Samsung Smart Phone Shannon Baseband mm_Authentication.c memory corruption
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
6.9 | $0-$5k | 0.00 |
A vulnerability, which was classified as critical, has been found in Samsung Smart Phone (Smartphone Operating System) (unknown version). Affected by this issue is an unknown code block of the file mm_Authentication.c of the component Shannon Baseband. The manipulation with an unknown input leads to a memory corruption vulnerability. Using CWE to declare the problem leads to CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Impacted is confidentiality, integrity, and availability. CVE summarizes:
Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.
The weakness was shared 05/05/2023. The advisory is shared for download at security.samsungmobile.com. This vulnerability is handled as CVE-2023-21494 since 11/14/2022. There are known technical details, but no exploit is available.
Upgrading eliminates this vulnerability.
Product
Type
Vendor
Name
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔒VulDB CVSS-BT Score: 🔒
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.0VulDB Meta Temp Score: 6.9
VulDB Base Score: 5.6
VulDB Temp Score: 5.4
VulDB Vector: 🔒
VulDB Reliability: 🔍
NVD Base Score: 9.8
NVD Vector: 🔒
CNA Base Score: 5.6
CNA Vector (Samsung Mobile): 🔒
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
ATT&CK: Unknown
Local: No
Remote: Yes
Availability: 🔒
Status: Not defined
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔒
Timeline
11/14/2022 CVE reserved05/05/2023 Advisory disclosed
05/05/2023 VulDB entry created
05/28/2023 VulDB entry last update
Sources
Vendor: samsung.comAdvisory: security.samsungmobile.com
Status: Confirmed
CVE: CVE-2023-21494 (🔒)
Entry
Created: 05/05/2023 07:20Updated: 05/28/2023 06:55
Changes: 05/05/2023 07:20 (50), 05/28/2023 06:55 (11)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.