CVE-2026-20458
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk10th percentile — higher than 10% of all known CVEs
Summary
In the Modem module, a possible memory corruption due to a missing bounds check could lead to remote escalation of privilege if a UE connects to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not required for exploitation.
Risk Assessment
The risk involves potential remote takeover of the device by an attacker impersonating a legitimate base station, which could compromise data confidentiality, integrity, and network availability.
Recommendation
It is recommended to immediately apply the patch identified as MOLY01402160 and update the modem software to the latest version to eliminate the memory corruption vulnerability.
Original NVD description (English source)
In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01402160; Issue ID: MSV-7298.

