Preface: A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
Background: An RLC PDU (Protocol Data Unit) consists of an RLC header and data. From an upper layer, RLC receives an RLC SDU (Service Data Unit). The data part of an RLC PDU is either a complete RLC SDU or an SDU segment. A single RLC PDU maps to a single MAC SDU . RLC has three transmission modes: TM , UM and AM .
Vulnerability details: In 5G NRLC, there is a possible invalid memory access due to lack of error handling. This could lead to remote denial of service, if UE received invalid 1-byte rlc sdu, with no additional execution privileges needed. User interaction is not needed for exploitation.
Official announcement: Please refer to the link for details – https://corp.mediatek.com/product-security-bulletin/November-2023