We have identified a new stack buffer overflow vulnerability in Samsung’s Android Radio Interface Layer implementation. The vulnerability can be exploited by a malicious (compromised) baseband runtime to achieve denial of service in Android in the radio context. The vulnerability we are disclosing in this advisory affected a wide range of Samsung devices, including phones on the newest Exynos chipsets. The July 2023 issue of the Samsung Mobile Security Bulletin contains this vulnerability as CVE-2023-30644. Vulnerability Details The Exynos vendor RIL implementation, provided by the libsec-ril.so library, exposes an Inter Process Call (IPC) interface to the baseband processor. The baseband processor can use this API through dedicated IPC messages.

We have identified a new heap buffer overflow vulnerability in Samsung’s Android Radio Interface Layer implementation. The vulnerability can be exploited by a malicious (compromised) baseband runtime to achieve arbitrary code execution in Android in the radio context. The vulnerability we are disclosing in this advisory affected a wide range of Samsung devices, including phones on the newest Exynos chipsets. The July 2023 issue of the Samsung Mobile Security Bulletin contains this vulnerability as CVE-2023-30645. Vulnerability Details The Exynos vendor RIL implementation, provided by the libsec-ril.so library, exposes an Inter Process Call (IPC) interface to the baseband processor. The baseband processor can use this API through dedicated IPC messages.

We have identified a new heap buffer overflow vulnerability in Samsung’s Android Radio Interface Layer implementation. The vulnerability can be exploited by a malicious (compromised) baseband runtime to achieve arbitrary code execution in Android in the radio context. The vulnerability we are disclosing in this advisory affected a wide range of Samsung devices, including phones on the newest Exynos chipsets. The July 2023 issue of the Samsung Mobile Security Bulletin contains this vulnerability as CVE-2023-30646. Vulnerability Details The Exynos vendor RIL implementation, provided by the libsec-ril.so library, exposes an Inter Process Call (IPC) interface to the baseband processor. The baseband processor can use this API through dedicated IPC messages.

We have identified a new heap buffer overflow vulnerability in Samsung’s Android Radio Interface Layer implementation. The vulnerability can be exploited by a malicious (compromised) baseband runtime to achieve arbitrary code execution in Android in the radio context. The vulnerability we are disclosing in this advisory affected a wide range of Samsung devices, including phones on the newest Exynos chipsets. The July 2023 issue of the Samsung Mobile Security Bulletin contains this vulnerability as CVE-2023-30647. Vulnerability Details The Exynos vendor RIL implementation, provided by the libsec-ril.so library, exposes an Inter Process Call (IPC) interface to the baseband processor. The baseband processor can use this API through dedicated IPC messages.

We have identified a new stack buffer overflow vulnerability in Samsung’s Android Radio Interface Layer implementation. The vulnerability can be exploited by a malicious (compromised) baseband runtime to achieve denial of service in Android in the radio context. The vulnerability we are disclosing in this advisory affected a wide range of Samsung devices, including phones on the newest Exynos chipsets. The July 2023 issue of the Samsung Mobile Security Bulletin contains this vulnerability as CVE-2023-30648. Vulnerability Details The Exynos vendor RIL implementation, provided by the libsec-ril.so library, exposes an Inter Process Call (IPC) interface to the baseband processor. The baseband processor can use this API through dedicated IPC messages.

We have identified a new heap buffer overflow vulnerability in Samsung’s Android Radio Interface Layer implementation. The vulnerability can be exploited by a malicious (compromised) baseband runtime to achieve arbitrary code execution in Android in the radio context. The vulnerability we are disclosing in this advisory affected a wide range of Samsung devices, including phones on the newest Exynos chipsets. The July 2023 issue of the Samsung Mobile Security Bulletin contains this vulnerability as CVE-2023-30649. Vulnerability Details The Exynos vendor RIL implementation, provided by the libsec-ril.so library, exposes an Inter Process Call (IPC) interface to the baseband processor. The baseband processor can use this API through dedicated IPC messages.