Out of Bounds Write Vulnerability in Mediatek Modem IMS Call UA
CVE-2023-32888

7.5HIGH

Key Information:

Vendor: MediaTek
Status: MT2735, MT6813, MT6833, MT6833P, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6877T, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6980, MT6980D, MT6983T, MT6983W, MT6983Z, MT6985, MT6985T, MT6989, MT6990
Vendor: CVE Published:; 2 January 2024

Summary

The out of bounds write vulnerability in Mediatek's Modem IMS Call User Agent presents significant security concerns, as it results from a failure to implement proper bounds checking. This oversight enables potential attackers to induce a remote denial of service, disrupting the availability of the affected systems without requiring any user interaction. To mitigate this risk, it is crucial for users to apply the necessary patches and keep their systems updated. The relevant patch ID is MOLY01161830, associated with issue ID MSV-894, emphasizing the importance of addressing this vulnerability promptly.

Affected Version(s)

MT2735, MT6813, MT6833, MT6833P, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6877T, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6980, MT6980D, MT6983T, MT6983W, MT6983Z, MT6985, MT6985T, MT6989, MT6990 Modem NR15, NR16, and NR17

References

https://corp.mediatek.com/product-security-bulletin/Janua...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 2, 2024
Vulnerability Reserved
May 16, 2023