Cyber Resilience

CVE-2023-31114

Critical

Published: 07 June 2023

Published
07 June 2023
Modified
07 January 2025
KEV Added
Patch
CVSS Score v3.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0032 55.7th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-31114 is a critical-severity Incorrect Resource Transfer Between Spheres (CWE-669) vulnerability in Samsung Exynos 5123 Firmware. Its CVSS base score is 9.1 (Critical).

Operationally, ranked in the top 44.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can cause unintended querying of the SIM status via a crafted application.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

samsung
exynos 5123 firmware
all versions
samsung
exynos 5300 firmware
all versions

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-669

Enforces proper authorization rules for any resource or data transfer between different spheres.

addresses: CWE-669

Accountability, documentation, and protection requirements ensure correct transfer of media resources between spheres.

addresses: CWE-669

Reduces incorrect transfers between spheres by establishing clear, separate domains for different sensitivities or functions.

addresses: CWE-669

It governs all resource transfers between spheres, preventing incorrect or unauthorized movement of data or capabilities across domain interfaces.

addresses: CWE-669

Addresses incorrect transfer of resources to an uncontrolled sphere by requiring approved destruction or sanitization methods.

References