CVE-2024-39432

Name of the Vulnerable Software and Affected Versions Unisoc versions prior to UIS7862A

Description A flaw exists in the UMTS RLC driver related to an out-of-bounds read due to a missing bounds check. This issue could allow a remote attacker to cause a denial of service. Exploitation may require System execution privileges. Researchers have demonstrated the ability to compromise a modem within a vehicle's head unit, potentially leading to remote code execution and full system compromise. The vulnerability, identified as CVE-2024-39432, involves a stack buffer overflow in the 3G RLC protocol implementation. This allows for remote code execution even before security mechanisms are activated. Further exploitation can enable access to the Application Processor (AP) and ultimately, the execution of arbitrary code with the highest privileges. The affected chipsets are found in Chinese and domestic mobile devices, as well as head units in modern Chinese automobiles.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.