SVE-2019-13963 : Remote stack overflow in Samsung baseband caused by malformed IMMEDIATE ASSIGNMENT message

Posted on Mon 07 December 2020 in Advisory • Tagged with vulnerability, advisory, samsung, shannon, baseband, security, arm

Description

When Samsung Shannon baseband receives message IMMEDIATE ASSIGNMENT (9.1.18 in GSM/04.08) from network, the length of the Mobile Allocation IE (GSM/04.08 10.5.2.21) is not properly checked.

GSM/04.08 IMMEDIATE ASSIGNMENT message

Mobile allocation data is directly copied to a buffer on the stack without checking …


Continue reading

Remote stack overflow in Samsung baseband caused by malformed GMM ATTACH ACCEPT message

Posted on Mon 30 November 2020 in Advisory • Tagged with vulnerability, advisory, samsung, shannon, baseband, security, arm

Description

When Samsung Shannon baseband receives message GMM ATTACH ACCEPT (9.4.2 in TS 24.008) from network, the minimum length for MS Identity IE (10.5.1.4) is not properly checked.

TS 24.008 GMM ATTACH ACCEPT message

MS Identity (IEI 0x23) length is decremented without prior check. If this value is zero, a …


Continue reading

Remote stack overflow in Samsung baseband caused by malformed P-TMSI REALLOCATION COMMAND

Posted on Mon 23 November 2020 in Advisory • Tagged with vulnerability, advisory, samsung, shannon, baseband, security, arm

Description

When Samsung Shannon baseband receives message P-TMSI REALLOCATION COMMAND (9.4.7 in TS 24.008) from network, the length of the Mobile Identity IE (10.5.1.4) is not properly checked.

TS 24.008 P-TMSI REALLOCATION COMMAND message

Mobile identity data is directly copied to a stack buffer without prior size check. This stack …


Continue reading