Vulnerability Description
In modem EMM, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01183647; Issue ID: MOLY01183647 (MSV-963).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mediatek | Lr13 | - |
| Mediatek | Nr15 | - |
| Mediatek | Nr16 | - |
| Mediatek | Nr17 | - |
| Mediatek | Mt2735 | - |
| Mediatek | Mt6779 | - |
| Mediatek | Mt6781 | - |
| Mediatek | Mt6783 | - |
| Mediatek | Mt6785 | - |
| Mediatek | Mt6785T | - |
| Mediatek | Mt6789 | - |
| Mediatek | Mt6813 | - |
| Mediatek | Mt6833 | - |
| Mediatek | Mt6833P | - |
| Mediatek | Mt6835 | - |
| Mediatek | Mt6853 | - |
| Mediatek | Mt6853T | - |
| Mediatek | Mt6855 | - |
| Mediatek | Mt6873 | - |
| Mediatek | Mt6875 | - |
Related Weaknesses (CWE)
References
- https://corp.mediatek.com/product-security-bulletin/April-2024
- https://corp.mediatek.com/product-security-bulletin/April-2024
FAQ
What is CVE-2023-32890?
CVE-2023-32890 is a vulnerability with a CVSS score of 7.5 (HIGH). In modem EMM, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not nee...
How severe is CVE-2023-32890?
CVE-2023-32890 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-32890?
Check the references section above for vendor advisories and patch information. Affected products include: Mediatek Lr13, Mediatek Nr15, Mediatek Nr16, Mediatek Nr17, Mediatek Mt2735.