Vulnerabilities > CVE-2023-20702 - Unspecified vulnerability in Mediatek Nr15, Nr16 and Nr17

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

mediatek

NVD

Published: 2023-11-06

Updated: 2024-09-05

Summary

In 5G NRLC, there is a possible invalid memory access due to lack of error handling. This could lead to remote denial of service, if UE received invalid 1-byte rlc sdu, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00921261; Issue ID: MOLY01128895.

Vulnerable Configurations

Part	Description	Count
OS	Mediatek Mediatek Nr15 - Mediatek Nr16 - Mediatek Nr17 -	3
Hardware	Mediatek Mediatek Mt6835 - Mediatek Mt6873 - Mediatek Mt6875 - Mediatek Mt6879 - Mediatek Mt6883 - Mediatek Mt6885 - Mediatek Mt6886 - Mediatek Mt6889 - Mediatek Mt6895 - Mediatek Mt6980 - Mediatek Mt6983 - Mediatek Mt6985 - Mediatek Mt6990 - Mediatek Mt8673 - Mediatek Mt8675 - Mediatek Mt8791 - Mediatek Mt8791T - Mediatek Mt8797 - Mediatek Mt8798 -	19

References

https://corp.mediatek.com/product-security-bulletin/November-2023