Description
Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
Low
Affected products
- Samsung Mobile / Samsung Mobile DevicesP(9.0), Q(10.0), R(11.0), S(12.0) with select Exynos devices – SMR Feb-2022 Release 1