CVE-2023-32842

HIGH

Mediatek Nr15 - Reachable Assertion

Title source: rule

Description

In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01130256; Issue ID: MOLY01130256 (MSV-848).

References (1)

[Vendor Advisory] https://corp.mediatek.com/product-security-bulletin/December-2023

Scores

CVSS v3 7.5

EPSS 0.0539

EPSS Percentile 90.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-617

Status published

Products (3)

mediatek/nr15

mediatek/nr16

mediatek/nr17

Published Dec 04, 2023

Tracked Since Feb 18, 2026