Out of Bounds Write Vulnerability in MediaTek Modem IMS Call UA
CVE-2023-32889

7.5HIGH

Key Information:

Vendor: MediaTek
Status: MT2735, MT6813, MT6833, MT6833P, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6877T, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6980, MT6980D, MT6983T, MT6983W, MT6983Z, MT6985, MT6985T, MT6989, MT6990
Vendor: CVE Published:; 2 January 2024

What is CVE-2023-32889?

The vulnerability in MediaTek's Modem IMS Call UA is characterized by a potential out of bounds write, resulting from a missing bounds check. This flaw may allow unauthorized remote denial of service attacks without requiring any user interaction or elevated privileges. The issue can affect the integrity and availability of systems leveraging the affected product. To enhance security, it is essential to apply the provided patch (ID: MOLY01161825) at the earliest opportunity.

Affected Version(s)

MT2735, MT6813, MT6833, MT6833P, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6877T, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6980, MT6980D, MT6983T, MT6983W, MT6983Z, MT6985, MT6985T, MT6989, MT6990 Modem NR15, NR16, and NR17

References

https://corp.mediatek.com/product-security-bulletin/Janua...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 2, 2024
Vulnerability Reserved
May 16, 2023