CVE-2026-20461
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk8th percentile — higher than 8% of all known CVEs
Summary
In the Modem module, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote denial of service if a UE connects to a rogue base station controlled by the attacker. No additional execution privileges or user interaction are needed for exploitation.
Risk Assessment
The risk is a potential remote denial of service (DoS) by forcing the device to connect to a rogue base station, which can disrupt communication and impact service availability.
Recommendation
It is recommended to immediately apply patches MOLY01267281 / MOLY01318201 and update the modem software to the latest version.
Original NVD description (English source)
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01267281 / MOLY01318201; Issue ID: MSV-6486.

