CVE-2021-32486

In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500621; Issue ID: ALPS04964928.

CVSS v3 7.5 HIGH
CVSS v2.0 7.8 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://corp.mediatek.com/product-security-bulletin/September-2021	Vendor Advisory
https://corp.mediatek.com/product-security-bulletin/September-2021	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:mediatek:modem:lr12a:::::::*
	cpe:2.3:o:mediatek:modem:lr13:::::::*

OR	cpe:2.3:h:mediatek:mt6739:-:::::::*
	cpe:2.3:h:mediatek:mt6761:-:::::::*
	cpe:2.3:h:mediatek:mt6762:-:::::::*
	cpe:2.3:h:mediatek:mt6762d:-:::::::*
	cpe:2.3:h:mediatek:mt6762m:-:::::::*
	cpe:2.3:h:mediatek:mt6763:-:::::::*
	cpe:2.3:h:mediatek:mt6765:-:::::::*
	cpe:2.3:h:mediatek:mt6765t:-:::::::*
	cpe:2.3:h:mediatek:mt6767:-:::::::*
	cpe:2.3:h:mediatek:mt6768:-:::::::*
	cpe:2.3:h:mediatek:mt6769:-:::::::*
	cpe:2.3:h:mediatek:mt6769t:-:::::::*
	cpe:2.3:h:mediatek:mt6769z:-:::::::*
	cpe:2.3:h:mediatek:mt6771:-:::::::*
	cpe:2.3:h:mediatek:mt6779:-:::::::*
	cpe:2.3:h:mediatek:mt6783:-:::::::*
	cpe:2.3:h:mediatek:mt6785:-:::::::*
	cpe:2.3:h:mediatek:mt6785t:-:::::::*

History

21 Nov 2024, 06:07

Type	Values Removed	Values Added
References	~~() https://corp.mediatek.com/product-security-bulletin/September-2021 - Vendor Advisory~~	() https://corp.mediatek.com/product-security-bulletin/September-2021 - Vendor Advisory

21 Sep 2021, 19:40

Type	Values Removed	Values Added
References	~~(MISC) https://corp.mediatek.com/product-security-bulletin/September-2021 -~~	(MISC) https://corp.mediatek.com/product-security-bulletin/September-2021 - Vendor Advisory
CPE		cpe:2.3:h:mediatek:mt6767:-:::::::* cpe:2.3:h:mediatek:mt6761:-:::::::* cpe:2.3:h:mediatek:mt6739:-:::::::* cpe:2.3:h:mediatek:mt6765:-:::::::* cpe:2.3:h:mediatek:mt6762m:-:::::::* cpe:2.3:h:mediatek:mt6769:-:::::::* cpe:2.3:h:mediatek:mt6785t:-:::::::* cpe:2.3:h:mediatek:mt6783:-:::::::* cpe:2.3:h:mediatek:mt6765t:-:::::::* cpe:2.3:h:mediatek:mt6785:-:::::::* cpe:2.3:h:mediatek:mt6768:-:::::::* cpe:2.3:h:mediatek:mt6769z:-:::::::* cpe:2.3:h:mediatek:mt6771:-:::::::* cpe:2.3:h:mediatek:mt6763:-:::::::* cpe:2.3:o:mediatek:modem:lr13:::::::* cpe:2.3:h:mediatek:mt6779:-:::::::* cpe:2.3:h:mediatek:mt6769t:-:::::::* cpe:2.3:h:mediatek:mt6762:-:::::::* cpe:2.3:o:mediatek:modem:lr12a:::::::* cpe:2.3:h:mediatek:mt6762d:-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.8 v3 : 7.5
CWE		CWE-787

09 Sep 2021, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-09-09 16:15

Updated : 2024-11-21 06:07

NVD link : CVE-2021-32486

Mitre link : CVE-2021-32486

CVE.ORG link : CVE-2021-32486

JSON object : View

Products Affected

mediatek

mt6785
modem
mt6768
mt6771
mt6769z
mt6779
mt6765t
mt6762d
mt6767
mt6785t
mt6761
mt6762m
mt6783
mt6769
mt6763
mt6762
mt6769t
mt6739
mt6765

CWE

CWE-787

Out-of-bounds Write

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2021-32486

7.5^/10

7.8^/10

Attach tags to `CVE-2021-32486`