CVE-2023-20702

In 5G NRLC, there is a possible invalid memory access due to lack of error handling. This could lead to remote denial of service, if UE received invalid 1-byte rlc sdu, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00921261; Issue ID: MOLY01128895.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
mediateknr15
-
mediateknr16
-
mediateknr17
-
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
mediatekmt6835
𝑥
≤ *
ADP
mediatekmt6873
𝑥
≤ *
ADP
mediatekmt6875
𝑥
≤ *
ADP
mediatekmt6879
𝑥
≤ *
ADP
mediatekmt6883
𝑥
≤ *
ADP
mediatekmt6885
𝑥
≤ *
ADP
mediatekmt6886
𝑥
≤ *
ADP
mediatekmt6889
𝑥
≤ *
ADP
mediatekmt6895
𝑥
≤ *
ADP
mediatekmt6980
𝑥
≤ *
ADP
mediatekmt6983
𝑥
≤ *
ADP
mediatekmt6985
𝑥
≤ *
ADP
mediatekmt6990
𝑥
≤ *
ADP
mediatekmt8673
𝑥
≤ *
ADP
mediatekmt8675
𝑥
≤ *
ADP
mediatekmt8791
𝑥
≤ *
ADP
mediatekmt8791t
𝑥
≤ *
ADP
mediatekmt8797
𝑥
≤ *
ADP
mediatekmt8798
𝑥
≤ *
ADP
References
https://corp.mediatek.com/product-security-bulletin/November-2023
https://corp.mediatek.com/product-security-bulletin/November-2023