CVE-2023-32844

EPSS 1.4%

In short

A 5G modem can crash when it receives malformed RRC messages from the network, causing the device to stop working. An attacker can trigger this remotely without needing special permissions or user interaction.

Technical detail

The vulnerability exists in improper error handling of RRC (Radio Resource Control) messages in 5G modems, allowing a remote attacker to send specially crafted messages that cause a system crash, resulting in denial of service. No elevated privileges or user interaction is required for exploitation.

Summary generated and translated by AI from the official description.

In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01130183 (MSV-850).

Affected products

MediaTek, Inc. · MT2735, MT2737, MT6297, MT6298, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6980, MT6980D, MT6983, MT6985, MT6989, MT6990

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://corp.mediatek.com/product-security-bulletin/December-2023