5G NRLC Remote Denial of Service Vulnerability in MediaTek Products
CVE-2023-20702
7.5HIGH
Key Information:
- Vendor
MediaTek
- Vendor
- CVE Published:
- 6 November 2023
What is CVE-2023-20702?
A significant vulnerability exists in MediaTek's 5G NRLC that allows for potential remote denial of service due to inadequate error handling during memory access. This flaw arises when the User Equipment (UE) processes an invalid 1-byte RLC Service Data Unit (SDU). Notably, exploitation of this vulnerability does not require any special execution privileges or user interaction, making it particularly concerning for device stability. Affected users should consider applying the available patches as outlined in the MediaTek product security bulletin.
Affected Version(s)
MT6835, MT6873, MT6875, MT6879, MT6883, MT6885, MT6886, MT6889, MT6895, MT6980, MT6983, MT6985, MT6990, MT8673, MT8675, MT8791, MT8791T, MT8797, MT8798 Modem NR15, NR16, NR17