CVE-2024-20003

2024-02-0505:59:33

MediaTek

www.cve.org

modem nl1

input validation

system crash

remote denial of service

rrc connection setup message

patch id

issue id

moly01191612

msv-981

EPSS

0.001

Percentile

30.8%

JSON

In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01191612 (MSV-981).

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT2735, MT6297, MT6833, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8675, MT8791, MT8791T, MT8797",
    "versions": [
      {
        "version": "Modem NR15",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/February-2024

EPSS

0.001

Percentile

30.8%

JSON

Related for CVELIST:CVE-2024-20003