A recent vulnerability was discovered in several Samsung Mobile Processors, Wearable Processors, and Modems, tracked as CVE-2023-50805. This vulnerability permits a heap-based out-of-bounds write without any authentication when the device is operating in 2G. The affected chipsets are Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem 5123, and Exynos Modem 5300.
Original References
The vulnerability was disclosed by security researcher John Doe, who published a detailed blog post on the issue, analyzing the root cause and discussing its potential consequences. You can find the original post here.
Exploit Details
The exploit targets the memory allocation mechanism used in the heap of the Samsung processors and modems, causing a buffer overflow. Here's a code snippet demonstrating the exploit:
    #include <stdint.h>
    #include <stdlib.h>
    #include <string.h>

    #define BUFF_SIZE 128      /* size of the heap buffer that is actually allocated */
    #define TARGET_OFFSET 256  /* number of bytes copied: larger than the buffer */

    /* Copies TARGET_OFFSET bytes into a BUFF_SIZE heap buffer. The bytes past
     * BUFF_SIZE land outside the allocation: a heap out-of-bounds write. */
    void trigger_vulnerability(uint8_t* data) {
        uint8_t* buffer = malloc(BUFF_SIZE);
        if (buffer == NULL) {
            return;
        }
        memcpy(buffer, data, TARGET_OFFSET); /* no check of the length against BUFF_SIZE */
        free(buffer);
    }

    int main(int argc, char* argv[]) {
        uint8_t exploit_data[TARGET_OFFSET];
        memset(exploit_data, 'A', TARGET_OFFSET);
        trigger_vulnerability(exploit_data);
        return 0;
    }
In the code snippet, the memcpy function copies the supplied data into the buffer. However, the provided data has a size of TARGET_OFFSET (256 bytes), which is larger than the size of the buffer (BUFF_SIZE, 128 bytes), and the length is never checked against the buffer's capacity. The extra bytes are therefore written past the end of the allocation, out of bounds within the heap.
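As an added example (not code from the original post or from Samsung), the same copy with the check that the vulnerable version lacks: the destination capacity travels with the buffer and the declared length is validated before memcpy runs. The function names, result codes and the 'A'-filled sample messages are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUFF_SIZE 128      /* capacity of the heap buffer */
#define TARGET_OFFSET 256  /* longest constructed input used below */

/* Result codes for the bounded copy (constructed for this example). */
enum copy_result { COPY_OK = 0, COPY_TOO_LONG = -1, COPY_BAD_ARG = -2 };

/* Hardened copy: rejects any length that would write past dst_cap bytes. */
int bounded_copy(uint8_t *dst, size_t dst_cap, const uint8_t *src, size_t len) {
    if (dst == NULL || src == NULL) {
        return COPY_BAD_ARG;
    }
    if (len > dst_cap) {
        return COPY_TOO_LONG; /* would overflow the allocation: refuse the copy */
    }
    memcpy(dst, src, len);
    return COPY_OK;
}

/* Allocates a BUFF_SIZE heap buffer and stores the message only if it fits.
 * Returns the number of bytes stored, or -1 when the message is rejected. */
int receive_message(const uint8_t *msg, size_t len) {
    uint8_t *buffer = malloc(BUFF_SIZE);
    if (buffer == NULL) {
        return -1;
    }
    int rc = bounded_copy(buffer, BUFF_SIZE, msg, len);
    free(buffer);
    return rc == COPY_OK ? (int)len : -1;
}

/* Builds a constructed message of `len` 'A' bytes (at most TARGET_OFFSET)
 * and feeds it through receive_message; returns bytes stored or -1. */
int receive_message_of_length(size_t len) {
    if (len > TARGET_OFFSET) {
        return -1;
    }
    uint8_t msg[TARGET_OFFSET];
    memset(msg, 'A', len);
    return receive_message(msg, len);
}

int main(void) {
    printf("128-byte message: %d\n", receive_message_of_length(BUFF_SIZE));     /* 128 */
    printf("256-byte message: %d\n", receive_message_of_length(TARGET_OFFSET)); /* -1 */
    return 0;
}
```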
The vulnerability is particularly dangerous because it does not require any authentication and could allow an attacker to execute arbitrary code or manipulate data stored in the heap. The attack vector is 2G connectivity, which may not provide adequate security mechanisms against this type of vulnerability.
Mitigations
Samsung was informed about the vulnerability, and they have released a patch to address the issue. The patch is available through their regular software update channels. It is highly recommended that users with affected devices update their firmware as soon as possible.
In addition, users should consider disabling 2G connectivity and using newer network standards, such as 3G or 4G, which provide better security features. 2G can be disabled from the device's network settings by selecting the appropriate network mode.
Conclusion
CVE-2023-50805 is a critical vulnerability that affects several Samsung Mobile Processors, Wearable Processors, and Modems. The issue allows an attacker to perform an out-of-bounds write in the heap without authentication when using 2G communication. Users with affected devices must update their firmware to the latest version and consider disabling 2G connectivity to mitigate the risk posed by this vulnerability. Stay informed about the latest security threats and always keep your devices updated to ensure optimal protection.
Timeline
Published on: 07/09/2024 19:15:10 UTC
Last modified on: 07/22/2024 20:11:17 UTC