Lucene search

MediaTekCVE-2023-20702

HistoryNov 06, 2023 - 4:15 a.m.

CVE-2023-20702

2023-11-0604:15:07

MediaTek

web.nvd.nist.gov

nrlc

cve-2023-20702

denial of service

memory access

security

vulnerability

patch

nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

34.4%

JSON

In 5G NRLC, there is a possible invalid memory access due to lack of error handling. This could lead to remote denial of service, if UE received invalid 1-byte rlc sdu, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00921261; Issue ID: MOLY01128895.

Affected configurations

Nvd

Node

mediatekmt6835Match-

mediatekmt6873Match-

mediatekmt6875Match-

mediatekmt6879Match-

mediatekmt6883Match-

mediatekmt6885Match-

mediatekmt6886Match-

mediatekmt6889Match-

mediatekmt6895Match-

mediatekmt6980Match-

mediatekmt6983Match-

mediatekmt6985Match-

mediatekmt6990Match-

mediatekmt8673Match-

mediatekmt8675Match-

mediatekmt8791Match-

mediatekmt8791tMatch-

mediatekmt8797Match-

mediatekmt8798Match-

AND

mediateknr15Match-

mediateknr16Match-

mediateknr17Match-

VendorProductVersionCPE
mediatekmt6835-cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*
mediatekmt6873-cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*
mediatekmt6875-cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*
mediatekmt6879-cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*
mediatekmt6883-cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*
mediatekmt6885-cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*
mediatekmt6886-cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*
mediatekmt6889-cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*
mediatekmt6895-cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
mediatekmt6980-cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mediatek	mt6835	-	cpe:2.3:h:mediatek:mt6835:-:::::::*
mediatek	mt6873	-	cpe:2.3:h:mediatek:mt6873:-:::::::*
mediatek	mt6875	-	cpe:2.3:h:mediatek:mt6875:-:::::::*
mediatek	mt6879	-	cpe:2.3:h:mediatek:mt6879:-:::::::*
mediatek	mt6883	-	cpe:2.3:h:mediatek:mt6883:-:::::::*
mediatek	mt6885	-	cpe:2.3:h:mediatek:mt6885:-:::::::*
mediatek	mt6886	-	cpe:2.3:h:mediatek:mt6886:-:::::::*
mediatek	mt6889	-	cpe:2.3:h:mediatek:mt6889:-:::::::*
mediatek	mt6895	-	cpe:2.3:h:mediatek:mt6895:-:::::::*
mediatek	mt6980	-	cpe:2.3:h:mediatek:mt6980:-:::::::*

Rows per page:

1-10 of 221

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT6835, MT6873, MT6875, MT6879, MT6883, MT6885, MT6886, MT6889, MT6895, MT6980, MT6983, MT6985, MT6990, MT8673, MT8675, MT8791, MT8791T, MT8797, MT8798",
    "versions": [
      {
        "version": "Modem NR15, NR16, NR17",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/November-2023

Social References

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

34.4%

JSON

Related for CVE-2023-20702