Stateful Analysis and Fuzzing of Commercial Baseband Firmware

Year

2025

Type(s)

Conference

Author(s)

Ali Ranjbar, Tianchang Yang, Kai Tu, Saaman Khalilollahi, and Syed Rafiul Hussain

Source

IEEE Symposium on Security and Privacy (IEEE S&P), 2025

Download FIle

Source code: https://github.com/SyNSec-den/Loris

Reported 7 new 5G NR Vulnerabilities using Loris, 2025

CVE-2024-52923
CVE-2024-52924
CVE-2025-26784
CVE-2025-26785
CVE-2025-27891
Acknowledgement by Samsung.
Bluetooth LE: CVE-2024-0045: Acknowledgement by Google.
Awarded $29,250 for 1 critical and 2 high-severity vulnerabilities in Pixel phones, Google Bug Bounty (2025)
Awarded $10,712 for 2 high- and 3 medium-severity vulnerabilities in Galaxy phones, Samsung Bug Bounty (2025)