CVE-2023-20702
First published: Mon Nov 06 2023(Updated: )
In 5G NRLC, there is a possible invalid memory access due to lack of error handling. This could lead to remote denial of service, if UE received invalid 1-byte rlc sdu, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00921261; Issue ID: MOLY01128895.
Credit: security@mediatek.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android | ||
| All of | ||
| Any of | ||
| Mediatek Mt6835 | ||
| Mediatek Mt6873 | ||
| Mediatek Mt6875 | ||
| Mediatek Mt6879 | ||
| Mediatek Mt6883 | ||
| Mediatek Mt6885 | ||
| Mediatek Mt6886 | ||
| Mediatek Mt6889 | ||
| Mediatek Mt6895 | ||
| Mediatek Mt6980 | ||
| Mediatek Mt6983 | ||
| Mediatek Mt6985 | ||
| Mediatek Mt6990 | ||
| Mediatek Mt8673 | ||
| Mediatek Mt8675 | ||
| Mediatek Mt8791 | ||
| Mediatek Mt8791t | ||
| Mediatek Mt8797 | ||
| Mediatek Mt8798 | ||
| Any of | ||
| Mediatek Nr15 | ||
| Mediatek Nr16 | ||
| Mediatek Nr17 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-20702?
CVE-2023-20702 is a vulnerability in 5G NRLC that could lead to remote denial of service due to a possible invalid memory access.
How severe is CVE-2023-20702?
CVE-2023-20702 has a severity rating of 7.5 (high).
Which software is affected by CVE-2023-20702?
CVE-2023-20702 affects Mediatek Nr15, Mediatek Nr16, and Mediatek Nr17.
Is Google Android vulnerable to CVE-2023-20702?
Google Android is vulnerable to CVE-2023-20702 if it is running on Mediatek Nr15, Mediatek Nr16, or Mediatek Nr17.
How can CVE-2023-20702 be fixed?
To fix CVE-2023-20702, apply the patch with ID MOLY00921261 provided by Mediatek.
- agent/type
- agent/author
- agent/references
- agent/severity
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- agent/event
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- vendor/google
- canonical/google android
- vendor/mediatek
- canonical/mediatek mt6835
- canonical/mediatek mt6873
- canonical/mediatek mt6875
- canonical/mediatek mt6879
- canonical/mediatek mt6883
- canonical/mediatek mt6885
- canonical/mediatek mt6886
- canonical/mediatek mt6889
- canonical/mediatek mt6895
- canonical/mediatek mt6980
- canonical/mediatek mt6983
- canonical/mediatek mt6985
- canonical/mediatek mt6990
- canonical/mediatek mt8673
- canonical/mediatek mt8675
- canonical/mediatek mt8791
- canonical/mediatek mt8791t
- canonical/mediatek mt8797
- canonical/mediatek mt8798
- canonical/mediatek nr15
- canonical/mediatek nr16
- canonical/mediatek nr17