CVE-2023-20702

2023-11-0603:50:51

MediaTek

www.cve.org

nrlc

memory access

denial of service

remote

patch id

issue id

0.001 Low

EPSS

Percentile

34.6%

JSON

In 5G NRLC, there is a possible invalid memory access due to lack of error handling. This could lead to remote denial of service, if UE received invalid 1-byte rlc sdu, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00921261; Issue ID: MOLY01128895.

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT6835, MT6873, MT6875, MT6879, MT6883, MT6885, MT6886, MT6889, MT6895, MT6980, MT6983, MT6985, MT6990, MT8673, MT8675, MT8791, MT8791T, MT8797, MT8798",
    "versions": [
      {
        "version": "Modem NR15, NR16, NR17",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/November-2023

0.001 Low

EPSS

Percentile

34.6%

JSON

Related for CVELIST:CVE-2023-20702