CVE-2023-36481 – Buffer copy without checking input size during PPP communication in Shannon BaseBand (28th Aug 2023)

Preface: Samsung has also used a cheaper and less smart processor, the Exynos 9610, with a unit cost of $14.90, for the affordable Galaxy A50 model.

Background: Global edition devices instead use EXYNOS – Samsung LSI’s in-house SoC (System on a chip). Shannon co-exists in the SoC floorplan as an IP block.

Every phone today that has a SIM card has a baseband processor. Shannon is a particular implementation of these standards.

Remark: When writing Linux kernel driver software for a new SoC, it can be helpful to know the specific IP block (and its heritage) used in a chip, in order to reuse software from other projects.

Vulnerability details: An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, and W920. Improper handling of PPP length parameter inconsistency can cause an infinite loop.
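The affected Shannon code is not public, so the following is an added illustration of this bug class, not Samsung's code: a parser that walks the options of a PPP LCP packet and rejects inconsistent length fields before using them. It assumes the LCP layout from RFC 1661; the function name, error codes and sample packets are hypothetical and constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Return codes for this illustrative parser (hypothetical names). */
enum { PPP_ERR_TRUNCATED = -1, PPP_ERR_LENGTH = -2, PPP_ERR_OPTION = -3 };

/* Constructed sample packets (not captured traffic). */
static const uint8_t sample_good[] = {      /* MRU + Magic-Number options */
    0x01, 0x01, 0x00, 0x0E, 0x01, 0x04, 0x05, 0xDC,
    0x05, 0x06, 0x11, 0x22, 0x33, 0x44 };
static const uint8_t sample_zero_opt[] = {  /* option Length field is 0 */
    0x01, 0x02, 0x00, 0x08, 0x01, 0x00, 0x05, 0xDC };
static const uint8_t sample_long_hdr[] = {  /* header claims 64, 8 received */
    0x01, 0x03, 0x00, 0x40, 0x01, 0x04, 0x05, 0xDC };

/*
 * Count the options in one LCP packet (RFC 1661 layout):
 *   Code(1) Identifier(1) Length(2, big-endian, includes this header) Options
 *   option: Type(1) Length(1, includes Type and Length, so >= 2) Data
 * Returns the option count, or a negative PPP_ERR_* code.
 */
int lcp_count_options(const uint8_t *buf, size_t buf_len)
{
    if (buf == NULL || buf_len < 4)
        return PPP_ERR_TRUNCATED;

    size_t pkt_len = ((size_t)buf[2] << 8) | buf[3];
    /* Declared length must cover the header and fit the received bytes. */
    if (pkt_len < 4 || pkt_len > buf_len)
        return PPP_ERR_LENGTH;

    size_t off = 4;
    int count = 0;
    while (off < pkt_len) {
        if (pkt_len - off < 2)
            return PPP_ERR_OPTION;      /* no room for Type + Length */
        size_t opt_len = buf[off + 1];
        /* A length of 0 leaves 'off' unchanged, so a loop without this
         * check never terminates; 1 cannot cover the option header. */
        if (opt_len < 2 || opt_len > pkt_len - off)
            return PPP_ERR_OPTION;
        off += opt_len;
        count++;
    }
    return count;
}
```

Every length taken from the packet is compared against the bytes actually received before it drives a copy or a loop increment, which is the check both the advisory title and the description point to.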

Official announcement: For details, please refer to the link –
