What is CVE-2023-31114?

CVE-2023-31114 is a critical-severity vulnerability in Samsung Exynos_5123, classified under Incorrect Resource Transfer Between Spheres. CVSS score: 9.1/10. Published 2023-06-07.

How severe is CVE-2023-31114?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Vulnerability in Samsung Exynos_5123

CVE-2023-31114

An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can cause unintended querying of the SIM status via a crafted application.

EPSS: 0.006 (42.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N.

Affected products

Samsung Exynos_5123
Samsung Exynos_5123_firmware
Samsung Exynos_5300
Samsung Exynos_5300_firmware
N/a — versions n/a

Weakness classification (CWE)

CWE-669 — Incorrect Resource Transfer Between Spheres

References

cve@mitre.org (Vendor Advisory)

Frequently asked questions

What is CVE-2023-31114?: CVE-2023-31114 is a critical-severity vulnerability in Samsung Exynos_5123, classified under Incorrect Resource Transfer Between Spheres. CVSS score: 9.1/10. Published 2023-06-07.
How severe is CVE-2023-31114?: Critical severity. CVSS v3 base score is 9.1 out of 10.