cbcvebase.
CVE-2022-21744
published 2022-07-06

CVE-2022-21744: In Modem 2G RR, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution when decoding GPRS Packet…

PriorityP263critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.56%
83.2th percentile
In Modem 2G RR, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution when decoding GPRS Packet Neighbour Cell Data (PNCD) improper neighbouring cell size with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00810064; Issue ID: ALPS06641626.

Affected

1 ranges
VendorProductVersion rangeFixed in
googleandroid

Detection & IOCsextracted from sources · hover to see the quote

  • Target the GPRS Packet Neighbour Cell Data (PNCD) decoding path in Modem 2G RR for out-of-bounds write detection; exploit is delivered over-the-air with no user interaction required (0-click, remote)
  • Reference patch ID MOLY00810064 and Android issue A-231281131 when triaging affected MediaTek modem firmware versions to confirm patch status
  • Monitor for anomalous or malformed GPRS/2G radio-layer signalling (RR layer) messages, particularly PNCD messages with oversized or malformed neighbouring cell data fields, which could indicate exploitation attempts against unpatched modems
  • ·Vulnerability is in the MediaTek modem baseband (Modem 2G RR component), not in the Android OS userspace; detection and patching must target modem firmware, not the Android application layer
  • ·Exploitation requires no privileges and no user interaction, making this a fully remote, zero-click attack vector over the cellular (2G/GPRS) air interface; devices within radio range of a malicious base station are at risk
  • ·The fix is tracked under patch ID MOLY00810064 (MediaTek) and Android reference A-231281131; verify modem firmware includes this patch before considering a device remediated

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.