CVE-2023-32841

EPSS 1.4%

In short

A 5G modem can crash when it receives malformed RRC (Radio Resource Control) messages because the software doesn't properly handle errors. This allows attackers to remotely disable the device without needing special access.

Technical detail

Improper error handling in 5G RRC message processing enables unauthenticated remote denial of service via malformed RRC frames. The vulnerability requires no elevated privileges or user interaction, allowing attackers on the network to trigger system crashes through specifically crafted radio protocol messages.

Summary generated and translated by AI from the official description.

In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01128524 (MSV-846).

Affected products

MediaTek, Inc. · MT2735, MT2737, MT6297, MT6298, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6980, MT6980D, MT6983, MT6985, MT6989, MT6990

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://corp.mediatek.com/product-security-bulletin/December-2023