CVE-2023-20702 — Google Android vulnerability

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.9%

top 24.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Android

Timeline

PublishedNov 6

Latest updateDec 8

Description

In 5G NRLC, there is a possible invalid memory access due to lack of error handling. This could lead to remote denial of service, if UE received invalid 1-byte rlc sdu, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00921261; Issue ID: MOLY01128895.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶googlegoogle/android

🔴Vulnerability Details

GHSA

GHSA-58wq-3769-jr35: In 5G NRLC, there is a possible invalid memory access due to lack of error handling↗2023-11-06

▶

📋Vendor Advisories

Android

CVE-2023-20702: 5G NRLC↗2023-11-01

▶

🕵️Threat Intelligence

Bleepingcomputer

New 5Ghoul attack impacts 5G phones with Qualcomm, MediaTek chips↗2023-12-08

▶