Lucene search

MediaTekCVE-2023-32844

HistoryDec 04, 2023 - 4:15 a.m.

CVE-2023-32844

2023-12-0404:15:07

CWE-617

MediaTek

web.nvd.nist.gov

5g modem

system crash

error handling

remote denial of service

rrc messages

patch

nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

34.4%

JSON

In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01130183 (MSV-850).

Affected configurations

Nvd

Node

mediateknr15Match-

mediateknr16Match-

mediateknr17Match-

AND

mediatekmt2735Match-

mediatekmt2737Match-

mediatekmt6297Match-

mediatekmt6298Match-

mediatekmt6813Match-

mediatekmt6815Match-

mediatekmt6833Match-

mediatekmt6835Match-

mediatekmt6853Match-

mediatekmt6855Match-

mediatekmt6873Match-

mediatekmt6875Match-

mediatekmt6875tMatch-

mediatekmt6877Match-

mediatekmt6879Match-

mediatekmt6880Match-

mediatekmt6883Match-

mediatekmt6885Match-

mediatekmt6886Match-

mediatekmt6889Match-

mediatekmt6890Match-

mediatekmt6891Match-

mediatekmt6893Match-

mediatekmt6895Match-

mediatekmt6895tMatch-

mediatekmt6896Match-

mediatekmt6897Match-

mediatekmt6980Match-

mediatekmt6980dMatch-

mediatekmt6983Match-

mediatekmt6985Match-

mediatekmt6989Match-

mediatekmt6990Match-

VendorProductVersionCPE
mediateknr15-cpe:2.3:o:mediatek:nr15:-:*:*:*:*:*:*:*
mediateknr16-cpe:2.3:o:mediatek:nr16:-:*:*:*:*:*:*:*
mediateknr17-cpe:2.3:o:mediatek:nr17:-:*:*:*:*:*:*:*
mediatekmt2735-cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*
mediatekmt2737-cpe:2.3:h:mediatek:mt2737:-:*:*:*:*:*:*:*
mediatekmt6297-cpe:2.3:h:mediatek:mt6297:-:*:*:*:*:*:*:*
mediatekmt6298-cpe:2.3:h:mediatek:mt6298:-:*:*:*:*:*:*:*
mediatekmt6813-cpe:2.3:h:mediatek:mt6813:-:*:*:*:*:*:*:*
mediatekmt6815-cpe:2.3:h:mediatek:mt6815:-:*:*:*:*:*:*:*
mediatekmt6833-cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mediatek	nr15	-	cpe:2.3:o:mediatek:nr15:-:::::::*
mediatek	nr16	-	cpe:2.3:o:mediatek:nr16:-:::::::*
mediatek	nr17	-	cpe:2.3:o:mediatek:nr17:-:::::::*
mediatek	mt2735	-	cpe:2.3:h:mediatek:mt2735:-:::::::*
mediatek	mt2737	-	cpe:2.3:h:mediatek:mt2737:-:::::::*
mediatek	mt6297	-	cpe:2.3:h:mediatek:mt6297:-:::::::*
mediatek	mt6298	-	cpe:2.3:h:mediatek:mt6298:-:::::::*
mediatek	mt6813	-	cpe:2.3:h:mediatek:mt6813:-:::::::*
mediatek	mt6815	-	cpe:2.3:h:mediatek:mt6815:-:::::::*
mediatek	mt6833	-	cpe:2.3:h:mediatek:mt6833:-:::::::*

Rows per page:

1-10 of 361

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT2735, MT2737, MT6297, MT6298, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6980, MT6980D, MT6983, MT6985, MT6989, MT6990",
    "versions": [
      {
        "version": "Modem NR15, NR16, and NR17",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/December-2023

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

34.4%

JSON

Related for CVE-2023-32844