CVE-2023-21494 - Vulnerability Details - OpenCVE

Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Samsung	Android Exynos

Configuration 1 [-]

AND

OR	cpe:2.3:o:samsung:android:13.0:-::::::
	cpe:2.3:o:samsung:android:13.0:smr-apr-2023-r1::::::
	cpe:2.3:o:samsung:android:13.0:smr-dec-2022-r1::::::
	cpe:2.3:o:samsung:android:13.0:smr-feb-2023-r1::::::
	cpe:2.3:o:samsung:android:13.0:smr-jan-2023-r1::::::
	cpe:2.3:o:samsung:android:13.0:smr-mar-2023-r1::::::
	cpe:2.3:o:samsung:android:13.0:smr-nov-2022-r1::::::
	cpe:2.3:o:samsung:android:13.0:smr-oct-2022-r1::::::

cpe:2.3:h:samsung:exynos:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05

History

Wed, 12 Feb 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Samsung Mobile

Published: 2023-05-04T00:00:00.000Z

Updated: 2025-02-12T16:15:56.178Z

Reserved: 2022-11-14T00:00:00.000Z

Link: CVE-2023-21494

Vulnrichment

Updated: 2024-08-02T09:36:34.488Z

NVD

Status : Modified

Published: 2023-05-04T21:15:10.200

Modified: 2024-11-21T07:42:57.070

Link: CVE-2023-21494

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-21494", "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "assignerShortName": "Samsung Mobile", "dateUpdated": "2025-02-12T16:15:56.178Z", "dateReserved": "2022-11-14T00:00:00.000Z", "datePublished": "2023-05-04T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile", "dateUpdated": "2023-05-04T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access."}], "affected": [{"vendor": "Samsung Mobile", "product": "Samsung Mobile Devices", "versions": [{"version": "Select devices using Exynos CP chipsets", "status": "affected", "lessThan": "SMR May-2023 Release 1", "versionType": "custom"}]}], "references": [{"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-20 Improper Input Validation", "cweId": "CWE-20"}]}], "source": {"discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T09:36:34.488Z"}, "title": "CVE Program Container", "references": [{"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-29T19:45:11.559521Z", "id": "CVE-2023-21494", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T16:15:56.178Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T09:36:34.488Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-21494", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-29T19:45:11.559521Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T16:15:51.437Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Samsung Mobile", "product": "Samsung Mobile Devices", "versions": [{"status": "affected", "version": "Select devices using Exynos CP chipsets", "lessThan": "SMR May-2023 Release 1", "versionType": "custom"}]}], "references": [{"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05"}], "descriptions": [{"lang": "en", "value": "Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile", "dateUpdated": "2023-05-04T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2023-21494", "state": "PUBLISHED", "dateUpdated": "2025-02-12T16:15:56.178Z", "dateReserved": "2022-11-14T00:00:00.000Z", "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "datePublished": "2023-05-04T00:00:00.000Z", "assignerShortName": "Samsung Mobile"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*", "matchCriteriaId": "A123EDB1-3048-44B0-8D4D-39A2B24B5F6B", "vulnerable": true}, {"criteria": "cpe:2.3:o:samsung:android:13.0:smr-apr-2023-r1:*:*:*:*:*:*", "matchCriteriaId": "70825981-F895-4BFD-9B6E-92BFF0D67023", "vulnerable": true}, {"criteria": "cpe:2.3:o:samsung:android:13.0:smr-dec-2022-r1:*:*:*:*:*:*", "matchCriteriaId": "299284DA-85AB-4162-B858-E67E5C6C14F7", "vulnerable": true}, {"criteria": "cpe:2.3:o:samsung:android:13.0:smr-feb-2023-r1:*:*:*:*:*:*", "matchCriteriaId": "D98F307E-3B01-4C17-86E5-1C6299919417", "vulnerable": true}, {"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jan-2023-r1:*:*:*:*:*:*", "matchCriteriaId": "7D7DA96D-9C25-4DDA-A6BF-D998AC346B89", "vulnerable": true}, {"criteria": "cpe:2.3:o:samsung:android:13.0:smr-mar-2023-r1:*:*:*:*:*:*", "matchCriteriaId": "5F73D594-178F-4FC8-9F40-0E545E2647B0", "vulnerable": true}, {"criteria": "cpe:2.3:o:samsung:android:13.0:smr-nov-2022-r1:*:*:*:*:*:*", "matchCriteriaId": "D2B24866-2B3A-4A1A-8B75-EF7A7541797A", "vulnerable": true}, {"criteria": "cpe:2.3:o:samsung:android:13.0:smr-oct-2022-r1:*:*:*:*:*:*", "matchCriteriaId": "EBB29F18-A929-432B-B20C-365401E6CA12", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos:-:*:*:*:*:*:*:*", "matchCriteriaId": "E04D5D21-1755-4766-8302-A0BE61EE9F43", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access."}], "id": "CVE-2023-21494", "lastModified": "2024-11-21T07:42:57.070", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.4, "source": "mobile.security@samsung.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-04T21:15:10.200", "references": [{"source": "mobile.security@samsung.com", "tags": ["Vendor Advisory"], "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05"}], "sourceIdentifier": "mobile.security@samsung.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "mobile.security@samsung.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}