The NR modem firmware is vulnerable to a system crash triggered by improper input validation, posing a high risk to 5G network availability.

Similar to other flaws in the NR stack, this vulnerability involves the modem's failure to properly sanitize inputs before processing. An unauthenticated attacker can exploit this via the radio interface to cause the modem software to crash.

Exploitation results in a denial-of-service (DoS) condition, rendering the 5G capabilities of the device unusable until a reboot or service restart occurs. With a CVSS score of 7.5, the vulnerability represents a significant threat to mission-critical 5G communications, potentially leading to operational delays and loss of connectivity.

Immediate Action: Apply the latest firmware security updates from the hardware vendor to resolve the input validation error.

Proactive Monitoring: Review device logs for "modem subsystem crash" events and monitor for patterns of connectivity loss across multiple devices.

Compensating Controls: Utilize device management platforms (MDM) to push firmware updates at scale and enforce security policies on cellular-connected hardware.

Public Exploit Available: false

This vulnerability should be treated with high urgency. Administrators must ensure that all devices utilizing the affected NR modem firmware are updated to the latest version. Regular auditing of firmware versions across the organization’s mobile and IoT assets is recommended to identify and remediate such vulnerabilities promptly.