CVE-2024-29152 Overview
CVE-2024-29152 affects Samsung Exynos Mobile Processors, Wearable Processors, and standalone Modems. The baseband software fails to properly validate states specified by the Radio Resource Control (RRC) Reconfiguration message. An attacker on the network can trigger the flaw to extract sensitive information from affected devices. The issue spans a broad range of chipsets used in smartphones, smartwatches, and automotive platforms. Samsung published the issue in its Semiconductor product security updates on June 4, 2024.
Critical Impact
A remote attacker can disclose sensitive baseband information without authentication or user interaction by sending a crafted RRC Reconfiguration message to a vulnerable Exynos device.
Affected Products
- Samsung Exynos Mobile Processors: 980, 990, 1080, 2100, 2200, 1280, 1380, 1330, 2400, and 850
- Samsung Exynos Wearable Processors: 9110, W920, and W930
- Samsung Exynos Modems: 5123, 5300, and Auto T5123
Discovery Timeline
- 2024-06-04 - CVE-2024-29152 published to NVD
- 2025-08-27 - Last updated in NVD database
Technical Details for CVE-2024-29152
Vulnerability Analysis
The vulnerability resides in the baseband software that processes Radio Resource Control signaling messages. RRC is the layer-3 protocol used in LTE and 5G networks to manage the connection between user equipment and the base station. The RRC Reconfiguration message instructs the device to update its radio configuration, including measurement, mobility, and security parameters.
The Exynos baseband does not properly check the protocol states required before applying an RRC Reconfiguration message. When the message is processed in an unexpected state, the baseband exposes sensitive information that should remain isolated to internal modem operations. This is an information disclosure issue tracked under CWE-noinfo, since Samsung has not disclosed the specific weakness class.
Root Cause
The root cause is missing state validation in the RRC message handler. The baseband accepts and acts on a Reconfiguration message without confirming that the device is in an RRC state in which that message is valid, such as RRC_CONNECTED. Improper state machine enforcement in cellular stacks is a recurring class of baseband flaw that leads to memory disclosure or protocol downgrade.
Attack Vector
The attack vector is network-based and requires no authentication or user interaction. An attacker operating a rogue or compromised base station, or otherwise positioned to inject signaling toward the target device, can send a crafted RRC Reconfiguration message. The vulnerable baseband processes the message in an invalid state and returns or leaks sensitive data. Exploitation typically requires proximity to the victim or control over upstream radio infrastructure.
Detection Methods for CVE-2024-29152
Indicators of Compromise
- Unexpected RRC Reconfiguration messages received outside of normal mobility events or handovers.
- Device baseband logs showing reconfiguration processing while the UE is not in RRC_CONNECTED state.
- Presence of unauthorized or unknown base stations broadcasting in the vicinity of affected devices.
Detection Strategies
- Monitor cellular signaling logs from managed mobile fleets for malformed or unexpected RRC Reconfiguration sequences.
- Use radio frequency monitoring tools to identify rogue base stations or IMSI catchers near sensitive facilities.
- Correlate diagnostic baseband traces with handset firmware versions to flag devices that have not received the Samsung patch.
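The indicator "reconfiguration processing while the UE is not in RRC_CONNECTED" and the correlation with firmware levels described above can be checked together. The following Python is an added example, not code from Samsung or from this advisory; the three-field trace format, device names, inventory entries and the minimum patch level are constructed assumptions, and the RRC model is simplified to three state-changing messages.

```python
# Affected Exynos parts as listed in the advisory text above.
AFFECTED = {"980", "990", "1080", "2100", "2200", "1280", "1380", "1330", "2400",
            "850", "9110", "W920", "W930", "5123", "5300", "T5123"}
# Simplified RRC model (assumption): downlink messages that change the UE state.
NEXT_STATE = {"RRCSetup": "RRC_CONNECTED", "RRCResume": "RRC_CONNECTED",
              "RRCRelease": "RRC_IDLE"}

def is_affected(chipset):
    """True if an inventory string such as 'Exynos W920' names a listed part."""
    parts = chipset.split()
    return len(parts) >= 2 and parts[0] == "Exynos" and parts[-1] in AFFECTED

def out_of_state_reconfigs(trace_lines, inventory, min_patch):
    """Flag RRCReconfiguration seen while the tracked UE is not RRC_CONNECTED.
    trace_lines: "<timestamp> <device_id> <rrc_message>" (constructed format);
    inventory: device_id -> (chipset, patch level "YYYY-MM-DD");
    min_patch: lowest patch level accepted after reading Samsung's advisory."""
    state, findings = {}, []
    for line in trace_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of guessing their meaning
        ts, dev, msg = parts
        if msg in NEXT_STATE:
            state[dev] = NEXT_STATE[msg]
        elif msg == "RRCReconfiguration" and state.get(dev, "RRC_IDLE") != "RRC_CONNECTED":
            chipset, patch = inventory.get(dev, ("unknown", "0000-00-00"))
            exposed = is_affected(chipset) and patch < min_patch
            findings.append({"time": ts, "device": dev, "chipset": chipset,
                             "priority": "high" if exposed else "review"})
    return findings

# Constructed sample data: device names, timestamps and patch levels are made up.
SAMPLE_TRACE = [
    "2024-06-10T09:00:01Z dev-a RRCSetup",
    "2024-06-10T09:00:02Z dev-a RRCReconfiguration",  # in state, not flagged
    "2024-06-10T09:05:00Z dev-a RRCRelease",
    "2024-06-10T09:05:03Z dev-a RRCReconfiguration",  # after release
    "2024-06-10T09:06:00Z dev-b RRCReconfiguration",  # never connected
    "2024-06-10T09:07:00Z dev-c RRCReconfiguration",  # device not in inventory
]
SAMPLE_INVENTORY = {"dev-a": ("Exynos 2200", "2024-03-01"),
                    "dev-b": ("Exynos W920", "2024-07-01")}

if __name__ == "__main__":
    # "2024-06-01" is a placeholder threshold, not Samsung's patched level.
    for f in out_of_state_reconfigs(SAMPLE_TRACE, SAMPLE_INVENTORY, "2024-06-01"):
        print(f)
```

Map your modem diagnostic export to the three-field format before feeding it in, and take the real patch threshold from Samsung's advisory.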
Monitoring Recommendations
- Track Samsung Semiconductor product security bulletins for affected Exynos chipset firmware updates.
- Maintain inventory of mobile and wearable devices that ship with vulnerable Exynos chipsets and verify carrier patch deployment.
- Alert on anomalous mobile network behavior such as repeated forced reconnections or unsolicited reconfiguration events reported by enrolled devices.
How to Mitigate CVE-2024-29152
Immediate Actions Required
- Apply the latest carrier and OEM firmware updates that include the Samsung Exynos baseband patches addressing CVE-2024-29152.
- Inventory mobile, wearable, and automotive endpoints using affected Exynos chipsets and prioritize updates for high-risk users.
- Restrict use of unpatched devices in environments where rogue base station attacks are plausible.
Patch Information
Samsung addressed the issue in baseband firmware updates distributed through device manufacturers and carriers. Refer to the Samsung Product Security Updates page for the authoritative advisory and the list of patched firmware versions per affected Exynos product.
Workarounds
- Disable 2G fallback and, where supported, restrict the device to 5G Standalone mode to reduce exposure to downgrade-based rogue base station attacks.
- Use enterprise mobility management policies to enforce minimum patched firmware levels before granting access to corporate resources.
- For high-risk users, consider physical mitigations such as Faraday sleeves when traveling through areas with suspected hostile radio infrastructure.
```bash
# Verify Samsung device firmware build on Android via ADB
adb shell getprop ro.build.version.incremental
adb shell getprop ro.build.version.security_patch
adb shell getprop gsm.version.baseband
```