CVE-2023-36481

An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, and W920. Improper handling of PPP length parameter inconsistency can cause an infinite loop.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://semiconductor.samsung.com/support/quality-support/product-security-updates/	Vendor Advisory
https://semiconductor.samsung.com/support/quality-support/product-security-updates/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:samsung:exynos_9810_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_9810:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:samsung:exynos_9610_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_9610:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:samsung:exynos_9820_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_9820:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:samsung:exynos_850_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_850:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:samsung:exynos_1080_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_1080:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:samsung:exynos_2100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_2100:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:samsung:exynos_2200_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_2200:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:samsung:exynos_1280_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_1280:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:samsung:exynos_1380_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_1380:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:samsung:exynos_1330_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_1330:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:samsung:exynos_9110_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_9110:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:samsung:exynos_w920_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_w920:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:09

Type	Values Removed	Values Added
References	~~() https://semiconductor.samsung.com/support/quality-support/product-security-updates/ - Vendor Advisory~~	() https://semiconductor.samsung.com/support/quality-support/product-security-updates/ - Vendor Advisory

31 Aug 2023, 19:03

Type	Values Removed	Values Added
CPE		cpe:2.3:h:samsung:exynos_1330:-:::::::* cpe:2.3:o:samsung:exynos_1380_firmware:-:::::::* cpe:2.3:h:samsung:exynos_9820:-:::::::* cpe:2.3:h:samsung:exynos_1280:-:::::::* cpe:2.3:o:samsung:exynos_9810_firmware:-:::::::* cpe:2.3:h:samsung:exynos_9110:-:::::::* cpe:2.3:h:samsung:exynos_980:-:::::::* cpe:2.3:o:samsung:exynos_1080_firmware:-:::::::* cpe:2.3:o:samsung:exynos_w920_firmware:-:::::::* cpe:2.3:h:samsung:exynos_9610:-:::::::* cpe:2.3:o:samsung:exynos_9820_firmware:-:::::::* cpe:2.3:h:samsung:exynos_1380:-:::::::* cpe:2.3:h:samsung:exynos_2100:-:::::::* cpe:2.3:o:samsung:exynos_9110_firmware:-:::::::* cpe:2.3:o:samsung:exynos_2200_firmware:-:::::::* cpe:2.3:h:samsung:exynos_w920:-:::::::* cpe:2.3:h:samsung:exynos_1080:-:::::::* cpe:2.3:o:samsung:exynos_850_firmware:-:::::::* cpe:2.3:o:samsung:exynos_2100_firmware:-:::::::* cpe:2.3:o:samsung:exynos_1280_firmware:-:::::::* cpe:2.3:h:samsung:exynos_2200:-:::::::* cpe:2.3:o:samsung:exynos_9610_firmware:-:::::::* cpe:2.3:o:samsung:exynos_1330_firmware:-:::::::* cpe:2.3:o:samsung:exynos_980_firmware:-:::::::* cpe:2.3:h:samsung:exynos_850:-:::::::* cpe:2.3:h:samsung:exynos_9810:-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CWE		CWE-120
First Time		Samsung exynos 1080 Samsung exynos 980 Samsung exynos 1280 Samsung exynos 850 Samsung exynos 9610 Samsung exynos 1330 Samsung exynos 9610 Firmware Samsung exynos 2200 Firmware Samsung Samsung exynos 980 Firmware Samsung exynos 9820 Firmware Samsung exynos W920 Firmware Samsung exynos 1380 Firmware Samsung exynos 850 Firmware Samsung exynos 9810 Samsung exynos 9820 Samsung exynos 1080 Firmware Samsung exynos W920 Samsung exynos 9110 Firmware Samsung exynos 1380 Samsung exynos 9110 Samsung exynos 1280 Firmware Samsung exynos 1330 Firmware Samsung exynos 2200 Samsung exynos 2100 Samsung exynos 9810 Firmware Samsung exynos 2100 Firmware
References	~~(MISC) https://semiconductor.samsung.com/support/quality-support/product-security-updates/ -~~	(MISC) https://semiconductor.samsung.com/support/quality-support/product-security-updates/ - Vendor Advisory

28 Aug 2023, 13:07

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-08-28 12:15

Updated : 2024-11-21 08:09

NVD link : CVE-2023-36481

Mitre link : CVE-2023-36481

CVE.ORG link : CVE-2023-36481

JSON object : View

Products Affected

samsung

exynos_9610
exynos_2100
exynos_9110
exynos_2100_firmware
exynos_9810
exynos_9820
exynos_2200_firmware
exynos_850
exynos_1280
exynos_980_firmware
exynos_1380
exynos_9610_firmware
exynos_1330_firmware
exynos_9810_firmware
exynos_9820_firmware
exynos_9110_firmware
exynos_w920_firmware
exynos_1080_firmware
exynos_w920
exynos_1080
exynos_2200
exynos_1330
exynos_980
exynos_850_firmware
exynos_1380_firmware
exynos_1280_firmware

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

7.5 /10