CVE-2023-32843

CVSS 7.5 HIGHEPSS 1.4%CWE-617

In short

A 5G modem can crash when it receives specially crafted network messages because it doesn't properly handle errors. An attacker can remotely cause this crash without needing special access or user action, disrupting the device's connectivity.

Technical detail

The 5G modem lacks proper error handling for malformed RRC (Radio Resource Control) messages, allowing a remote attacker to trigger a system crash via a network-based vector without elevated privileges or user interaction. The vulnerability results in denial of service by making the modem unresponsive.

Summary generated and translated by AI from the official description.

In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01130204; Issue ID: MOLY01130204 (MSV-849).

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

MediaTek, Inc. · MT2735, MT2737, MT6297, MT6298, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6980, MT6980D, MT6983, MT6985, MT6989, MT6990

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://corp.mediatek.com/product-security-bulletin/December-2023