CVE-2023-32845

HIGH

Mediatek Nr15 - Reachable Assertion

Title source: rule

Description

In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01139296 (MSV-860).

References (1)

[Vendor Advisory] https://corp.mediatek.com/product-security-bulletin/December-2023

Scores

CVSS v3 7.5

EPSS 0.0327

EPSS Percentile 87.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-617

Status published

Products (3)

mediatek/nr15

mediatek/nr16

mediatek/nr17

Published Dec 04, 2023

Tracked Since Feb 18, 2026