Out of Bounds Write Vulnerability in MediaTek Modem IMS Call UA
CVE-2023-32889

7.5HIGH

Key Information:

Vendor

MediaTek
Status
Mt2735, Mt6813, Mt6833, Mt6833p, Mt6835, Mt6853, Mt6853t, Mt6855, Mt6873, Mt6875, Mt6877, Mt6877t, Mt6878, Mt6879, Mt6880, Mt6883, Mt6885, Mt6886, Mt6889, Mt6890, Mt6891, Mt6893, Mt6895, Mt6895t, Mt6896, Mt6897, Mt6980, Mt6980d, Mt6983t, Mt6983w, Mt6983z, Mt6985, Mt6985t, Mt6989, Mt6990
Vendor
CVE Published:
2 January 2024

What is CVE-2023-32889?

The vulnerability in MediaTek's Modem IMS Call UA is characterized by a potential out of bounds write, resulting from a missing bounds check. This flaw may allow unauthorized remote denial of service attacks without requiring any user interaction or elevated privileges. The issue can affect the integrity and availability of systems leveraging the affected product. To enhance security, it is essential to apply the provided patch (ID: MOLY01161825) at the earliest opportunity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MT2735, MT6813, MT6833, MT6833P, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6877T, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6980, MT6980D, MT6983T, MT6983W, MT6983Z, MT6985, MT6985T, MT6989, MT6990 Modem NR15, NR16, and NR17

References

https://corp.mediatek.com/product-security-bulletin/Janua...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.