Galaxy S22 March 2023 update

Severe flaws discovered in Exynos modems, here’s what Samsung said

Google's Project Zero team has disclosed severe zero-day security flaws in Samsung Exynos modems. The affected modems are used in various Samsung devices, including the Galaxy S22 series, along with the Google Pixel 6a/6/6 Pro and Galaxy wearables.

According to the information, Project Zero reported 18 vulnerabilities in Exynos modems in late 2022 and early 2023. Notably, four of the flaws, including CVE-2023-24033, involve internet-to-baseband remote code execution:

Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number. With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational exploit to compromise affected devices silently and remotely.

Of the 18, 14 are not considered as severe because they “require either a malicious mobile network operator or an attacker with local access to the device.” The team is making a “policy exception to delay disclosure for the four vulnerabilities that allow for internet-to-baseband remote code execution.”

Affected devices

Samsung Semiconductor (January 2023) data reveals that Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5123 are affected chipsets.

Google compiled a list of likely affected products:

Samsung Galaxy:

  • S22 series
  • M33
  • M13
  • M12
  • A71
  • A53
  • A33
  • A21
  • A13
  • A12
  • A04 series
  • Watch 4 series
  • Watch 5 series

Google:

  • Pixel 6 and 6 Pro
  • Pixel 6a
  • Pixel 7 and 7 Pro

Vivo:

  • S16
  • S15
  • S6
  • X70
  • X60
  • X30 series

Wearable:

  • Any wearables that use the Exynos W920 chipset

Vehicle:

  • Any vehicles that use the Exynos Auto T5123 chipset

Samsung March 2023 Patch

Samsung detailed the March 2023 security patch earlier this month, and it doesn’t include a fix for the severe CVE-2023-24033 vulnerability. At the same time, Google listed the CVE in its March 2023 Android security bulletin, which started to roll out to Pixel devices on Monday.

Samsung responded

Samsung recently responded on this matter, saying:

At the end of last year, we received a security issue notification from Google Project Zero, and Samsung has provided all customers with a patch version for this vulnerability, and the related issues have now been resolved.
