This is not true on pretty much any phone post 2014ish. Pretty much all platforms have IOMMU's or similar separation mechanisms. source: did baseband vr commercially

Not on MTK chipsets, or at least the older ones I'm familiar with:

https://github.com/varunchitre15/MT6589_kernel_source/blob/m...

Look at the enable_mem_access_protection function.

Basebands have not had DMA for a long time. There can still be vulnerabilities, which it sounds like is what happened here, but there’s no DMA anymore on new phones.

That was (possibly still is) the case on Qualcomm integrated Application and Baseband SoCs, not on Exynos where baseband is the junior partner.

IOUMMU prevents this