all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2022-21744: Mediatek Baseband GPRS PNCD Heap Buffer Overflow

Add to bookmarks
Nov. 28, 2023, midnight |

Taszk Labs on taszk.io labs labs.taszk.io

We have identified a new heap buffer overflow vulnerability in Mediatek’s baseband implementation. The vulnerability can be exploited to achieve arbitrary code execution in the baseband runtime.
The vulnerability we are disclosing in this advisory affected a wide range of Mediatek devices, including phones on the newest chipsets (Dimensity 700, 1000, etc). The July 2022 issue of the Mediatek Security Bulletin contains this vulnerability as CVE-2022-21744.
Vulnerability Details The GPRS Packet Neighbour Cell Data (PNCD) message is an optional message …

advisory arbitrary code baseband buffer buffer overflow buffer overflow vulnerability code code execution cve devices etc exploited gprs heap buffer overflow implementation mediatek overflow phones runtime vulnerability

Visit resource

More from labs.taszk.io / Taszk Labs on taszk.io labs

Full Chain Baseband Exploits, Part 3 5 months, 1 week ago | labs.taszk.io
arbitrary code baseband code code execution +14
Full Chain Baseband Exploits, Part 2 5 months, 1 week ago | labs.taszk.io
baseband buffer buffer overflow concrete +13
Full Chain Baseband Exploits, Part 1 5 months, 1 week ago | labs.taszk.io
application baseband blog blog post +13
CVE-2023-30646: Samsung RIL Heap Buffer Overflow 5 months, 3 weeks ago | labs.taszk.io
advisory android arbitrary code baseband +19
CVE-2022-21744: Mediatek Baseband GPRS PNCD Heap Buffer Overflow 5 months, 3 weeks ago | labs.taszk.io
advisory arbitrary code baseband buffer +16
CVE-2023-21517: Samsung Baseband LTE ESM TFT Heap Buffer Overflow 5 months, 3 weeks ago | labs.taszk.io
advisory arbitrary code baseband buffer +18
CVE-2022-21769: Mediatek CCCI Kernel Driver OOB Read 5 months, 3 weeks ago | labs.taszk.io
application baseband cellular communication +23
CVE-2022-21765: Mediatek CCCI Kernel Driver OOB Write 5 months, 3 weeks ago | labs.taszk.io
advisory application arbitrary code baseband +20
CVE-2022-21766: Mediatek CCCI Kernel Driver Stack Buffer Overflow 5 months, 3 weeks ago | labs.taszk.io
advisory application arbitrary code baseband +24

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

COMM Penetration Tester (PenTest-2), Chantilly, VA OS&CI Job #368

@ Allen Integrated Solutions | Chantilly, Virginia, United States
View on infosec-jobs.com

Consultant Sécurité SI H/F Gouvernance - Risques - Conformité

@ Hifield | Sèvres, France
View on infosec-jobs.com

Infrastructure Consultant

@ Telefonica Tech | Belfast, United Kingdom
View on infosec-jobs.com