Out of Bounds Write Vulnerability in MediaTek Modem IMS Stack
CVE-2023-32874

9.8CRITICAL

Key Information:

Vendor: MediaTek
Status: MT2735, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6789, MT6813, MT6833, MT6833P, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6877T, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6980, MT6980D, MT6983T, MT6983W, MT6983Z, MT6985, MT6985T, MT6989, MT6990
Vendor: CVE Published:; 2 January 2024

Summary

A vulnerability exists within the Modem IMS Stack from MediaTek, characterized by a possible out of bounds write due to a missing bounds check. This flaw permits the potential for remote code execution without the necessity for additional user privileges or interaction, posing significant security risks. It is crucial for users and administrators to apply the patch identified as MOLY01161803 to mitigate this issue.

Affected Version(s)

MT2735, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6789, MT6813, MT6833, MT6833P, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6877T, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6980, MT6980D, MT6983T, MT6983W, MT6983Z, MT6985, MT6985T, MT6989, MT6990 Modem LR13 NR15, NR16, and NR17

References

https://corp.mediatek.com/product-security-bulletin/Janua...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 2, 2024
Vulnerability Reserved
May 16, 2023