Vulnerabilities > CVE-2023-31114 - Incorrect Resource Transfer Between Spheres vulnerability in Samsung Exynos 5123 Firmware and Exynos 5300 Firmware

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

samsung

CWE-669

critical

NVD

Published: 2023-06-07

Updated: 2023-06-14

Summary

An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can cause unintended querying of the SIM status via a crafted application.

Vulnerable Configurations

Part	Description	Count
OS	Samsung Samsung Exynos 5123 Firmware - Samsung Exynos 5300 Firmware -	2
Hardware	Samsung Samsung Exynos 5123 - Samsung Exynos 5300 -	2

Common Weakness Enumeration (CWE)

CWE-669 - Incorrect Resource Transfer Between Spheres

References

https://semiconductor.samsung.com/support/quality-support/product-security-updates/