CVE-2022-26446

HIGH

MediaTek LR12A, LR13, NR15, NR16 - Denial of Service via Improper SIB12 CMAS Message Concatenation

Title source: llm

Description

In Modem 4G RRC, there is a possible system crash due to improper input validation. This could lead to remote denial of service, when concatenating improper SIB12 (CMAS message), with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00867883; Issue ID: ALPS07274118.

References (1)

Core 1

Core References

Vendor Advisory

https://corp.mediatek.com/product-security-bulletin/November-2022

Scores

CVSS v3 7.5

EPSS 0.0090

EPSS Percentile 76.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-617

Status published

Products (4)

mediatek/lr12a

mediatek/lr13

mediatek/nr15

mediatek/nr16

Published Nov 08, 2022

Tracked Since Feb 18, 2026