Possible System Crash Due to Improper Input Validation
CVE-2024-20003

7.5HIGH

Key Information:

Vendor: MediaTek
Status: MT2735, MT6297, MT6833, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8675, MT8791, MT8791T, MT8797
Vendor: CVE Published:; 5 February 2024

What is CVE-2024-20003?

A vulnerability identified in MediaTek's Modem NL1 stems from inadequate input validation, which can cause the system to crash. When an invalid NR RRC Connection Setup message is transmitted, it can lead to a remote denial of service without requiring additional execution privileges or user interaction. This presents a significant risk to system integrity and availability, emphasizing the need for immediate attention and patching to prevent exploitation.

Affected Version(s)

MT2735, MT6297, MT6833, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8675, MT8791, MT8791T, MT8797 Modem NR15

References

https://corp.mediatek.com/product-security-bulletin/Febru...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 5, 2024
Vulnerability Reserved
Nov 2, 2023