CVE-2024-52923
Published: 06 March 2025
Summary
CVE-2024-52923 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Samsung Exynos 9820 Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 40.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces input validation and boundary checks on DL NAS Transport messages to prevent buffer overflows during decoding.
Implements memory safeguards like address space layout randomization and non-executable stacks to mitigate exploitation of missing boundary checks in Exynos processors.
Requires timely patching of the specific boundary check flaw via Samsung's published security updates for affected Exynos components.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability allows remote network exploitation via crafted DL NAS Transport messages to trigger DoS on the modem/processor due to missing boundary checks, directly enabling Application or System Exploitation under Endpoint Denial of Service.
NVD Description
An issue was discovered in NRMM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Lack…
more
of a boundary check during the decoding of DL NAS Transport messages leads to a Denial of Service.
Deeper analysisAI
CVE-2024-52923 is a vulnerability in the NRMM component of various Samsung Exynos processors and modems, including Mobile Processor and Wearable Processor models Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, as well as Modem 5123, Modem 5300, and Modem 5400. The issue stems from a lack of boundary check during the decoding of DL NAS Transport messages, which can lead to a denial of service. It has a CVSS v3.1 base score of 7.5, associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer).
The vulnerability is exploitable over the network (AV:N) with low attack complexity (AC:L), requiring no privileges (PR:N) or user interaction (UI:N), and results in high-impact availability disruption (A:H) without affecting confidentiality or integrity. Remote attackers can trigger the denial of service by sending specially crafted DL NAS Transport messages to affected devices, potentially disrupting modem or processor functionality in Samsung devices relying on these Exynos components.
Samsung has published product security updates addressing this issue at https://semiconductor.samsung.com/support/quality-support/product-security-updates/. Security practitioners should consult this advisory for patch availability and apply updates to vulnerable Exynos-based devices.
Details
- CWE(s)