CVE-2023-32846

EPSS 1.4%

In short

A 5G modem can crash when it receives malformed network messages, allowing attackers to remotely cause a denial of service without needing special access or user action.

Technical detail

The vulnerability exists in RRC (Radio Resource Control) message handling within a 5G modem due to improper error handling. Remote attackers can send malformed RRC messages to trigger a system crash, resulting in denial of service; no authentication or user interaction is required.

Summary generated and translated by AI from the official description.

In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01138453 (MSV-861).

Affected products

MediaTek, Inc. · MT2735, MT2737, MT6297, MT6298, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6980, MT6980D, MT6983, MT6985, MT6989, MT6990

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://corp.mediatek.com/product-security-bulletin/December-2023