CVE-2024-46921

An issue was discovered in Samsung Mobile Processor and Modem Exynos 9820, 9825, 980, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W1000, Modem 5123, Modem 5300, Modem 5400. UE does not limit the number of attempts for the RRC Setup procedure in the 5G SA, leading to a denial of service (battery-drain attack).

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://semiconductor.samsung.com/support/quality-support/product-security-updates/
https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-46921/
https://github.com/asset-group/5ghoul-5g-nr-attacks/tree/master

Configurations

No configuration.

History

31 Jan 2025, 17:15

Type	Values Removed	Values Added
CWE		CWE-770
Summary		(es) Se descubrió un problema en el procesador y módem móvil Samsung Exynos 9820, 9825, 980, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W1000, módem 5123, módem 5300, módem 5400. La UE no limita la cantidad de intentos para el procedimiento de configuración de RRC en la SA 5G, lo que genera una denegación de servicio (ataque de descarga de batería).
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5
References		() https://github.com/asset-group/5ghoul-5g-nr-attacks/tree/master -

13 Jan 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-13 19:15

Updated : 2025-01-31 17:15

NVD link : CVE-2024-46921

Mitre link : CVE-2024-46921

CVE.ORG link : CVE-2024-46921

JSON object : View

Products Affected

No product.

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

6.5 /10