all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2021-32487: Heap Buffer overflow in GSM RRM Channel Release, Cell Selection Indicator

Add to bookmarks
March 10, 2022, midnight |

Taszk Labs on taszk.io labs labs.taszk.io

Summary In this advisory we are disclosing a heap overflow vulnerability in the MediaTek baseband. The vulnerability can be exploited to gain arbitrary code execution in the context of the baseband runtime. The vulnerability was fixed in 2020 in some models, and received a CVE and more widely deployed fix in 2021.
Vulnerability Details When processing the GSM Radio Resource Management Channel Release message, the CSN.1 decoding of the “Cell selection indicator after release of all TCH and SDCCH” information …

buffer buffer overflow channel cve heap buffer overflow overflow release

Visit resource

More from labs.taszk.io / Taszk Labs on taszk.io labs

Full Chain Baseband Exploits, Part 3 4 months, 3 weeks ago | labs.taszk.io
arbitrary code baseband code code execution +14
Full Chain Baseband Exploits, Part 2 4 months, 3 weeks ago | labs.taszk.io
baseband buffer buffer overflow concrete +13
Full Chain Baseband Exploits, Part 1 4 months, 3 weeks ago | labs.taszk.io
application baseband blog blog post +13
CVE-2023-30646: Samsung RIL Heap Buffer Overflow 5 months ago | labs.taszk.io
advisory android arbitrary code baseband +19
CVE-2022-21744: Mediatek Baseband GPRS PNCD Heap Buffer Overflow 5 months ago | labs.taszk.io
advisory arbitrary code baseband buffer +16
CVE-2023-21517: Samsung Baseband LTE ESM TFT Heap Buffer Overflow 5 months ago | labs.taszk.io
advisory arbitrary code baseband buffer +18
CVE-2022-21769: Mediatek CCCI Kernel Driver OOB Read 5 months ago | labs.taszk.io
application baseband cellular communication +23
CVE-2022-21765: Mediatek CCCI Kernel Driver OOB Write 5 months ago | labs.taszk.io
advisory application arbitrary code baseband +20
CVE-2022-21766: Mediatek CCCI Kernel Driver Stack Buffer Overflow 5 months ago | labs.taszk.io
advisory application arbitrary code baseband +24

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Offensive Security Engineer

@ Ivanti | United States, Remote
View on infosec-jobs.com

Senior Security Engineer I

@ Samsara | Remote - US
View on infosec-jobs.com

Senior Principal Information System Security Engineer

@ Chameleon Consulting Group | Herndon, VA
View on infosec-jobs.com

Junior Detections Engineer

@ Kandji | San Francisco
View on infosec-jobs.com

Data Security Engineer/ Architect - Remote United States

@ Stanley Black & Decker | Towson MD USA - 701 E Joppa Rd Bg 700
View on infosec-jobs.com
View more jobs