First published: Mon Nov 06 2023(Updated: )
In 5G NRLC, there is a possible invalid memory access due to lack of error handling. This could lead to remote denial of service, if UE received invalid 1-byte rlc sdu, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00921261; Issue ID: MOLY01128895.
Credit: security@mediatek.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Android | ||
All of | ||
Any of | ||
Mediatek Mt6835 | ||
Mediatek Mt6873 | ||
Mediatek Mt6875 | ||
Mediatek Mt6879 | ||
Mediatek Mt6883 | ||
Mediatek Mt6885 | ||
Mediatek Mt6886 | ||
Mediatek Mt6889 | ||
Mediatek Mt6895 | ||
Mediatek Mt6980 | ||
Mediatek Mt6983 | ||
Mediatek Mt6985 | ||
Mediatek Mt6990 | ||
Mediatek Mt8673 | ||
Mediatek Mt8675 | ||
Mediatek Mt8791 | ||
Mediatek Mt8791t | ||
Mediatek Mt8797 | ||
Mediatek Mt8798 | ||
Any of | ||
Mediatek Nr15 | ||
Mediatek Nr16 | ||
Mediatek Nr17 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-20702 is a vulnerability in 5G NRLC that could lead to remote denial of service due to a possible invalid memory access.
CVE-2023-20702 has a severity rating of 7.5 (high).
CVE-2023-20702 affects Mediatek Nr15, Mediatek Nr16, and Mediatek Nr17.
Google Android is vulnerable to CVE-2023-20702 if it is running on Mediatek Nr15, Mediatek Nr16, or Mediatek Nr17.
To fix CVE-2023-20702, apply the patch with ID MOLY00921261 provided by Mediatek.