Remote Denial of Service Vulnerability in Modem 4G RRC by MediaTek
CVE-2022-26446

7.5 HIGH

Summary

The Modem 4G RRC performs insufficient input validation, which may result in a system crash. A remote attacker can trigger the crash with improperly concatenated SIB12 (CMAS) messages, causing a denial of service without any user interaction. The issue can be addressed by applying specific patches, such as Patch ID: MOLY00867883.

Affected Version(s)

MT2731, MT2735, MT6297, MT6725, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6789, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT6895, MT6983, MT8385, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797

Modem LR12A, LR13, NR15, NR16

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
