Stateful Analysis and Fuzzing of Commercial Baseband Firmware

Year
2025
Author(s)
Ali Ranjbar, Tianchang Yang, Kai Tu, Saaman Khalilollahi, and Syed Rafiul Hussain
Source
IEEE Symposium on Security and Privacy (IEEE S&P), 2025

Source code: https://github.com/SyNSec-den/Loris

Reported 7 new 5G NR Vulnerabilities using Loris, 2025

  • CVE-2024-52923
  • CVE-2024-52924
  • CVE-2025-26784
  • CVE-2025-26785
  • CVE-2025-27891
  • Acknowledgement by Samsung.
  • Bluetooth LE: CVE-2024-0045: Acknowledgement by Google.
  • Awarded $29,250 for 1 critical and 2 high-severity vulnerabilities in Pixel phones, Google Bug Bounty (2025)
  • Awarded $10,712 for 2 high- and 3 medium-severity vulnerabilities in Galaxy phones, Samsung Bug Bounty (2025)