We have identified a new stack buffer overflow vulnerability in Mediatek’s Linux Kernel driver implementation of cellular-to-application processor communication interface (CCCI). The vulnerability can be exploited by a malicious (compromised) baseband runtime to achieve arbitrary code execution in the Linux Kernel.
The vulnerability we are disclosing in this advisory affected a wide range of Mediatek devices, including phones on the newest chipsets (Dimensity 700, 1000, etc). The July 2022 issue of the Mediatek Security Bulletin contains this vulnerability as CVE-2022-21766.
Vulnerability Details There is a kernel stack buffer overflow vulnerability in the implementation of the modem-kernel communication interface. The stack overflow can be used to overwrite the return address of a kernel function, with attacker controlled data.
We have identified a new heap buffer overflow vulnerability in Mediatek’s baseband implementation. The vulnerability can be exploited to achieve arbitrary code execution in the baseband runtime.
The vulnerability we are disclosing in this advisory affected a wide range of Mediatek devices, including phones on the newest chipsets (Dimensity 700, 1000, etc). The July 2022 issue of the Mediatek Security Bulletin contains this vulnerability as CVE-2022-21744.
Vulnerability Details The GPRS Packet Neighbour Cell Data (PNCD) message is an optional message sent by the network on the PACCH to provide system information required for initial access in a neighbouring cell. In the case of the MediaTek baseband firmware, this message is processed in the FDD_rmpc_mac_rmpc_pncd_ind_hdlr function.
We have identified a new out-of-bound write vulnerability in Mediatek’s Linux Kernel driver implementation of cellular-to-application processor communication interface (CCCI). The vulnerability can be exploited by a malicious (compromised) baseband runtime to achieve arbitrary code execution in the Linux Kernel.
The vulnerability we are disclosing in this advisory affected a wide range of Mediatek devices, including phones on the newest chipsets (Dimensity 700, 1000, etc). The July 2022 issue of the Mediatek Security Bulletin contains this vulnerability as CVE-2022-21765.
Vulnerability Details There is a vmalloc out-of-bound write vulnerability in the kernel implementation of the modem-kernel communication interface. The out-of-bound write can be used to write controlled data, with controlled size, at a controlled location within the kernel’s vmalloc memory region.
We have identified a new out-of-bound read vulnerability in Mediatek’s Linux Kernel driver implementation of cellular-to-application processor communication interface (CCCI). The vulnerability can be exploited by a malicious (compromised) baseband runtime to leak information from the kernel runtime and break the kernel’s entropy-based mitigations such as KASLR and stack smashing protection.
The vulnerability we are disclosing in this advisory affected a wide range of Mediatek devices, including phones on the newest chipsets (Dimensity 700, 1000, etc). The July 2022 issue of the Mediatek Security Bulletin contains this vulnerability as CVE-2022-21769.
Vulnerability Details There is a vmalloc out-of-bound read vulnerability in the kernel implementation of the modem-kernel communication interface.
We have identified a new heap buffer overflow vulnerability in Samsung’s baseband implementation (mainly used in Exynos chipsets). The vulnerability can be exploited to achieve arbitrary code execution in the baseband runtime.
The vulnerability we are disclosing in this advisory affected a wide range of Samsung devices, including phones on the newest Exynos chipsets. The June 2023 issue of the Samsung Mobile Security Bulletin contains this vulnerability as CVE-2023-21517.
Vulnerability Details Layer 3 LTE NAS messages are composed of various Information Elements and the Exynos modem implementation defines dedicated parser functions for each IE type. The vulnerability is within the parser function of the Traffic Flow Template IE (3GPP TS 24.
We have identified a new stack buffer overflow vulnerability in Samsung’s Android Radio Interface Layer implementation. The vulnerability can be exploited by a malicious (compromised) baseband runtime to achieve denial of service in Android in the radio context.
The vulnerability we are disclosing in this advisory affected a wide range of Samsung devices, including phones on the newest Exynos chipsets. The July 2023 issue of the Samsung Mobile Security Bulletin contains this vulnerability as CVE-2023-30644.
Vulnerability Details The Exynos vendor RIL implementation, provided by the libsec-ril.so library, exposes an Inter Process Call (IPC) interface to the baseband processor. The baseband processor can use this API through dedicated IPC messages.
We have identified a new heap buffer overflow vulnerability in Samsung’s Android Radio Interface Layer implementation. The vulnerability can be exploited by a malicious (compromised) baseband runtime to achieve arbitrary code execution in Android in the radio context.
The vulnerability we are disclosing in this advisory affected a wide range of Samsung devices, including phones on the newest Exynos chipsets. The July 2023 issue of the Samsung Mobile Security Bulletin contains this vulnerability as CVE-2023-30645.
Vulnerability Details The Exynos vendor RIL implementation, provided by the libsec-ril.so library, exposes an Inter Process Call (IPC) interface to the baseband processor. The baseband processor can use this API through dedicated IPC messages.
We have identified a new heap buffer overflow vulnerability in Samsung’s Android Radio Interface Layer implementation. The vulnerability can be exploited by a malicious (compromised) baseband runtime to achieve arbitrary code execution in Android in the radio context.
The vulnerability we are disclosing in this advisory affected a wide range of Samsung devices, including phones on the newest Exynos chipsets. The July 2023 issue of the Samsung Mobile Security Bulletin contains this vulnerability as CVE-2023-30646.
Vulnerability Details The Exynos vendor RIL implementation, provided by the libsec-ril.so library, exposes an Inter Process Call (IPC) interface to the baseband processor. The baseband processor can use this API through dedicated IPC messages.
We have identified a new heap buffer overflow vulnerability in Samsung’s Android Radio Interface Layer implementation. The vulnerability can be exploited by a malicious (compromised) baseband runtime to achieve arbitrary code execution in Android in the radio context.
The vulnerability we are disclosing in this advisory affected a wide range of Samsung devices, including phones on the newest Exynos chipsets. The July 2023 issue of the Samsung Mobile Security Bulletin contains this vulnerability as CVE-2023-30647.
Vulnerability Details The Exynos vendor RIL implementation, provided by the libsec-ril.so library, exposes an Inter Process Call (IPC) interface to the baseband processor. The baseband processor can use this API through dedicated IPC messages.
We have identified a new stack buffer overflow vulnerability in Samsung’s Android Radio Interface Layer implementation. The vulnerability can be exploited by a malicious (compromised) baseband runtime to achieve denial of service in Android in the radio context.
The vulnerability we are disclosing in this advisory affected a wide range of Samsung devices, including phones on the newest Exynos chipsets. The July 2023 issue of the Samsung Mobile Security Bulletin contains this vulnerability as CVE-2023-30648.
Vulnerability Details The Exynos vendor RIL implementation, provided by the libsec-ril.so library, exposes an Inter Process Call (IPC) interface to the baseband processor. The baseband processor can use this API through dedicated IPC messages.