CVE-2024-20003: Input Validation
First published: Mon Feb 05 2024(Updated: )
In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01191612 (MSV-981).
Credit: security@mediatek.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | ||
| All of | ||
| MediaTek NR15 | ||
| Any of | ||
| MediaTek MT2735 | ||
| MediaTek MT6297 | ||
| MediaTek MT6833 | ||
| MediaTek MT6853 | ||
| MediaTek MT6855 | ||
| MediaTek MT6873 | ||
| MediaTek MT6875T | ||
| MediaTek MT6875T | ||
| MediaTek MT6877 | ||
| MediaTek MT6880 | ||
| MediaTek MT6883 | ||
| MediaTek MT6885 | ||
| MediaTek MT6889 | ||
| MediaTek MT6890 | ||
| MediaTek MT6891 | ||
| MediaTek MT6893 | ||
| MediaTek MT8675 | ||
| MediaTek MT8791 WiFi | ||
| MediaTek MT8791T | ||
| MediaTek MT8797 WiFi |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-20003?
CVE-2024-20003 is classified as a denial of service vulnerability that can lead to a system crash.
How do I fix CVE-2024-20003?
To fix CVE-2024-20003, apply the patch identified as MOLY01191612.
What causes CVE-2024-20003?
CVE-2024-20003 is caused by improper input validation in Modem NL1.
Who is affected by CVE-2024-20003?
CVE-2024-20003 affects devices running Google Android and specific MediaTek chipsets.
Is user interaction required to exploit CVE-2024-20003?
No, user interaction is not needed for the exploitation of CVE-2024-20003.
- agent/description
- agent/type
- agent/author
- agent/references
- agent/severity
- agent/first-publish-date
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/event
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- vendor/google
- canonical/android
- vendor/mediatek
- canonical/mediatek nr15
- canonical/mediatek mt2735
- canonical/mediatek mt6297
- canonical/mediatek mt6833
- canonical/mediatek mt6853
- canonical/mediatek mt6855
- canonical/mediatek mt6873
- canonical/mediatek mt6875t
- canonical/mediatek mt6877
- canonical/mediatek mt6880
- canonical/mediatek mt6883
- canonical/mediatek mt6885
- canonical/mediatek mt6889
- canonical/mediatek mt6890
- canonical/mediatek mt6891
- canonical/mediatek mt6893
- canonical/mediatek mt8675
- canonical/mediatek mt8791 wifi
- canonical/mediatek mt8791t
- canonical/mediatek mt8797 wifi