In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01182594; Issue ID: MSV-1529.
The vulnerability consists of a missing bounds check during memory operations in the Modem component, leading to memory corruption. An attacker can remotely send specially crafted data that triggers the vulnerability without any user interaction. According to CWE-119 classification, this is improper restriction of operations within a memory buffer.
An attacker can achieve remote code execution (RCE) at the modem component level without any additional privileges, which may result in complete takeover of the modem process and potential access to sensitive data.
Apply patch with identifier MOLY01182594 (Issue ID: MSV-1529) according to the MediaTek security bulletin from August 2024 available at the address indicated in the manufacturer's references. OEM device manufacturers should immediately include the fix in software updates for their products.
MediaTek NR15, NR16, NR17, MT2735, MT2737 — devices equipped with the mentioned modem chipsets
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMediatek Mt2735
HWMediatekwszystkie wersjeMediatek Mt2737
HWMediatekwszystkie wersjeMediatek Mt6833
HWMediatekwszystkie wersjeMediatek Mt6835
HWMediatekwszystkie wersjeMediatek Mt6835t
HWMediatekwszystkie wersjeMediatek Mt6853
HWMediatekwszystkie wersjeMediatek Mt6855
HWMediatekwszystkie wersjeMediatek Mt6873
HWMediatekwszystkie wersjeMediatek Mt6875
HWMediatekwszystkie wersjeMediatek Mt6875t
HWMediatekwszystkie wersjeMediatek Mt6877
HWMediatekwszystkie wersjeMediatek Mt6879
HWMediatekwszystkie wersjeMediatek Mt6880
HWMediatekwszystkie wersjeMediatek Mt6883
HWMediatekwszystkie wersjeMediatek Mt6885
HWMediatekwszystkie wersjeMediatek Mt6886
HWMediatekwszystkie wersjeMediatek Mt6889
HWMediatekwszystkie wersjeMediatek Mt6890
HWMediatekwszystkie wersjeMediatek Mt6891
HWMediatekwszystkie wersjeMediatek Mt6893
HWMediatekwszystkie wersjeMediatek Mt6895
HWMediatekwszystkie wersjeMediatek Mt6895tt
HWMediatekwszystkie wersjeMediatek Mt6896
HWMediatekwszystkie wersjeMediatek Mt6897
HWMediatekwszystkie wersjeMediatek Mt6980
HWMediatekwszystkie wersjeMediatek Mt6980d
HWMediatekwszystkie wersjeMediatek Mt6983
HWMediatekwszystkie wersjeMediatek Mt6985
HWMediatekwszystkie wersjeMediatek Mt6989
HWMediatekwszystkie wersjeMediatek Mt6990
HWMediatekwszystkie wersje
Related vulnerabilities
Out-of-bounds write w sterowniku WLAN AP MediaTek — privilege escalation
Out of bounds write w sterowniku wlan AP — eskalacja uprawnień na układach MediaTek
Out-of-bounds write w sterowniku WLAN AP MediaTek – privilege escalation
Brak weryfikacji uprawnień w sterowniku WLAN AP MediaTek — zdalne eskalowanie przywilejów
RCE w usłudze WLAN MediaTek — błędne sprawdzenie granic zapisu (out of bounds write)