CVE-2023-32844

In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID:...

CVE-2023-24855

Memory corruption in Modem while processing security related configuration before AS Security Exchange...

CVE-2022-44420

In modem, there is a possible missing verification of HashMME value in Security Mode Command. This could local denial of service with no additional execution privileges...

CVE-2025-26784

The CVE-2025-26784 entry concerns NAS in Samsung Exynos (multiple SoCs) where a missing length check enables out-of-bounds writes. Connected Android Pixel bulletin confirms an RCE issue under Modem with High severity and notes a patch path via Pixel updates to the 2025-08-05 patch level; no explo...

CVE-2025-20670

In Modem, there is a possible permission bypass due to improper certificate validation. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with User execution privileges needed. User interaction is needed for exploitation...

CVE-2025-20667

In Modem, there is a possible information disclosure due to incorrect error handling. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for...

CVE-2022-25738

Information disclosure in modem due to buffer over-red while performing checksum of packet received...

CVE-2022-25705

Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response...

CVE-2022-25728

Information disclosure in modem due to buffer over-read while processing response from DNS server...

CVE-2022-25737

Information disclosure in modem due to missing NULL check while reading packets received from local network...

CVE-2022-25731

Information disclosure in modem due to buffer over-read while processing packets from DNS server...

CVE-2022-33264

Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message...

CVE-2024-20151

The CVE-2024-20151 entry concerns MediaTek’s Modem component where an incorrect bounds check can cause an out-of-bounds write. This vulnerability could enable local escalation of privilege if an attacker already has System privileges, with no user interaction required. A patch is identified as MO...

SUSE CVE-2024-7544

oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...

CVE-2024-7545

oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...

CVE-2023-52533

The CVE-2023-52533 entry concerns the modem-ps-nas-ngmm component, where incorrect error handling may cause undefined behavior. This could enable remote information disclosure without additional privileges. Public sources (NVD/Red Hat/CVE records) state the impact as information disclosure with n...

CVE-2023-21631 Improper Input Validation in Modem

Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network...

Command injection

In modem, there is a possible missing verification of HashMME value in Security Mode Command. This could local denial of service with no additional execution privileges...

Command injection

In modem, there is a possible missing verification of NAS Security Mode Command Replay Attacks in LTE. This could local denial of service with no additional execution privileges...

CVE-2022-44420

In modem, there is a possible missing verification of HashMME value in Security Mode Command. This could local denial of service with no additional execution privileges...