Samsung Smart Phone HAL VaultKeeper initialize heap-based overflow
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.8 | $0-$5k | 0.00 |
Summary
A vulnerability has been found in Samsung Smart Phone and classified as critical. The affected element is the function initialize of the component HAL VaultKeeper. Performing a manipulation results in heap-based overflow.
This vulnerability is known as CVE-2023-30681. Attacking locally is a requirement. No exploit is available.
The affected component should be upgraded.
Details
A vulnerability was found in Samsung Smart Phone (Smartphone Operating System) (the affected version unknown). It has been classified as critical. This affects the function initialize of the component HAL VaultKeeper. The manipulation with an unknown input leads to a heap-based overflow vulnerability. CWE is classifying the issue as CWE-122. A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
An improper input validation vulnerability within initialize function in HAL VaultKeeper prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.
The weakness was published 08/10/2023. It is possible to read the advisory at security.samsungmobile.com. This vulnerability is uniquely identified as CVE-2023-30681 since 04/14/2023. Technical details of the vulnerability are known, but there is no available exploit.
Upgrading eliminates this vulnerability.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Vendor
Name
License
Website
- Vendor: https://www.samsung.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.8VulDB Meta Temp Score: 5.8
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 7.8
NVD Vector: 🔍
CNA Base Score: 4.4
CNA Vector (Samsung Mobile): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Heap-based overflowCWE: CWE-122 / CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
04/14/2023 🔍08/10/2023 🔍
08/10/2023 🔍
09/05/2023 🔍
Sources
Vendor: samsung.comAdvisory: security.samsungmobile.com
Status: Confirmed
CVE: CVE-2023-30681 (🔍)
GCVE (CVE): GCVE-0-2023-30681
GCVE (VulDB): GCVE-100-236715
Entry
Created: 08/10/2023 08:54Updated: 09/05/2023 06:43
Changes: 08/10/2023 08:54 (50), 09/05/2023 06:43 (11)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.