Lr13

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

mediatek

CWE-787

NVD

Published: 2021-09-09

Updated: 2021-09-21

Summary

In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500736; Issue ID: ALPS04938456.

Vulnerable Configurations

Part	Description	Count
OS	Mediatek Mediatek Modem Lr12A Mediatek Modem Lr13	2
Hardware	Mediatek Mediatek Mt6739 - Mediatek Mt6761 - Mediatek Mt6762 - Mediatek Mt6762D - Mediatek Mt6762M - Mediatek Mt6763 - Mediatek Mt6765 - Mediatek Mt6765T - Mediatek Mt6767 - Mediatek Mt6768 - Mediatek Mt6769 - Mediatek Mt6769T - Mediatek Mt6769Z - Mediatek Mt6771 - Mediatek Mt6779 - Mediatek Mt6783 - Mediatek Mt6785 - Mediatek Mt6785T -	18

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://corp.mediatek.com/product-security-bulletin/September-2021