CVE-2023-32842

HIGH

MediaTek NR15 NR16 NR17 - Remote Denial of Service via Malformed RRC Message

Title source: llm

Description

In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01130256; Issue ID: MOLY01130256 (MSV-848).

References (1)

Core 1

Core References

Vendor Advisory

https://corp.mediatek.com/product-security-bulletin/December-2023

Scores

CVSS v3 7.5

EPSS 0.0135

EPSS Percentile 67.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-617

Status published

Products (3)

mediatek/nr15

mediatek/nr16

mediatek/nr17

Published Dec 04, 2023

Tracked Since Feb 18, 2026