CVE-2023-32842

EPSS 1.4%

In short

A 5G modem can crash when it receives certain malformed network messages, allowing someone on the network to cause a denial of service without any special access or user action needed.

Technical detail

Improper error handling in RRC message processing within a 5G modem allows remote attackers to trigger a system crash via crafted messages; the vulnerability requires network-level access but no elevated privileges or user interaction, resulting in denial of service impact.

Summary generated and translated by AI from the official description.

In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01130256; Issue ID: MOLY01130256 (MSV-848).

Affected products

MediaTek, Inc. · MT2735, MT2737, MT6297, MT6298, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6980, MT6980D, MT6983, MT6985, MT6989, MT6990

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://corp.mediatek.com/product-security-bulletin/December-2023