CVE-2022-21744
Published: 06 July 2022
Summary
CVE-2022-21744 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Mediatek Lr11. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 10.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2022-21744 is an out-of-bounds write vulnerability in the Modem 2G RR component caused by a missing bounds check. The flaw occurs during decoding of GPRS Packet Neighbour Cell Data (PNCD) when an improper neighbouring cell size is supplied, and it is tracked under Patch ID MOLY00810064 and Issue ID ALPS06641626. The affected software runs in MediaTek modem firmware and carries a CVSS 3.1 score of 9.8.
An unauthenticated network attacker can trigger the flaw remotely with no user interaction or additional execution privileges required. Successful exploitation grants remote code execution on the modem, allowing arbitrary control over cellular processing logic.
MediaTek’s July 2022 product security bulletin lists the issue and directs customers to apply the referenced patch for resolution. The EPSS score has remained flat at 0.0505 with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-26908
Vulnerability details
In Modem 2G RR, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution when decoding GPRS Packet Neighbour Cell Data (PNCD) improper neighbouring cell size with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00810064; Issue ID: ALPS06641626.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.