CVE-2023-32844

2023-12-0403:46:03

MediaTek

www.cve.org

5g modem

system crash

error handling

denial of service

rrc messages

remote

exploitation

patch id

issue id

msv-850

cve-2023-32844

EPSS

0.001

Percentile

34.4%

JSON

In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01130183 (MSV-850).

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT2735, MT2737, MT6297, MT6298, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6980, MT6980D, MT6983, MT6985, MT6989, MT6990",
    "versions": [
      {
        "version": "Modem NR15, NR16, and NR17",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/December-2023

EPSS

0.001

Percentile

34.4%

JSON

Related for CVELIST:CVE-2023-32844