Cyber Resilience

CVE-2022-21744

Critical

Published: 06 July 2022

Published
06 July 2022
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0505 90.0th percentile
Risk Priority 23 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-21744 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Mediatek Lr11. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 10.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2022-21744 is an out-of-bounds write vulnerability in the Modem 2G RR component caused by a missing bounds check. The flaw occurs during decoding of GPRS Packet Neighbour Cell Data (PNCD) when an improper neighbouring cell size is supplied, and it is tracked under Patch ID MOLY00810064 and Issue ID ALPS06641626. The affected software runs in MediaTek modem firmware and carries a CVSS 3.1 score of 9.8.

An unauthenticated network attacker can trigger the flaw remotely with no user interaction or additional execution privileges required. Successful exploitation grants remote code execution on the modem, allowing arbitrary control over cellular processing logic.

MediaTek’s July 2022 product security bulletin lists the issue and directs customers to apply the referenced patch for resolution. The EPSS score has remained flat at 0.0505 with no material increase since disclosure.

EU & UK References

Vulnerability details

In Modem 2G RR, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution when decoding GPRS Packet Neighbour Cell Data (PNCD) improper neighbouring cell size with no additional…

more

execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00810064; Issue ID: ALPS06641626.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

mediatek
lr11
all versions
mediatek
lr12
all versions
mediatek
lr12a
all versions
mediatek
lr13
all versions
mediatek
lr9
all versions
mediatek
nr15
all versions
mediatek
nr16
all versions

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.

References