ASR Out-of-Bounds Write Vulnerability in LTE Telephony on Multiple Linux Distributions

Vulnerability

A high-severity out-of-bounds write vulnerability has been identified in the ASR180x cellular baseband chip, specifically within the LTE telephony component. This issue, which may lead to a buffer underrun, affects several Linux distributions, including Falcon_Linux, Kestrel, and Lapwing_Linux, prior to version 1536. The vulnerability is linked to the AT command server's device API.

Impact

Exploitation of this vulnerability may cause a buffer underrun, potentially leading to undefined behavior in the application, such as memory corruption or application crashes.

Added: Jul 1, 2025, 11:16 AM

Updated: Jul 1, 2025, 11:16 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ASR Out-of-Bounds Write Vulnerability in LTE Telephony on Multiple Linux Distributions

Vulnerability

Impact

Affected Products

ASR180x

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating