Possible System Crash Due to Improper Input Validation
CVE-2024-20004

7.5HIGH

Key Information:

Vendor: MediaTek
Status: Mt2735, Mt6297, Mt6833, Mt6853, Mt6855, Mt6873, Mt6875, Mt6875t, Mt6877, Mt6880, Mt6883, Mt6885, Mt6889, Mt6890, Mt6891, Mt6893, Mt8675, Mt8791, Mt8791t, Mt8797
Vendor: CVE Published:; 5 February 2024

Summary

The vulnerability in MediaTek's Modem NL1 arises from improper input validation, which could allow an attacker to cause a system crash. This vulnerability is exploited by sending an invalid NR RRC Connection Setup message, resulting in a remote denial of service. No additional privileges or user interaction are required for this exploitation, making it particularly concerning for users of the Modem NL1. Affected users can reference the provided patch ID MOLY01191612 to mitigate the issue.

Affected Version(s)

MT2735, MT6297, MT6833, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8675, MT8791, MT8791T, MT8797 Modem NR15

References

https://corp.mediatek.com/product-security-bulletin/Febru...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 5, 2024
Vulnerability Reserved
Nov 2, 2023