All the vulnerabilites related to mediatek - mt2713
cve-2023-20790
Vulnerability from cvelistv5
Published
2023-08-07 03:21
Modified
2024-10-17 14:35
Severity ?
EPSS score ?
Summary
In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07740194; Issue ID: ALPS07740194.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:14:40.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20790",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T14:35:07.250648Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T14:35:32.306Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT2735, MT2737, MT6739, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 12.0, 13.0 / OpenWrt 19.07, 21.02 / RDK-B 22Q3 / Yocto 2.6, 3.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07740194; Issue ID: ALPS07740194."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-07T03:21:22.382Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-20790",
"datePublished": "2023-08-07T03:21:22.382Z",
"dateReserved": "2022-10-28T02:03:10.778Z",
"dateUpdated": "2024-10-17T14:35:32.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-20006
Vulnerability from cvelistv5
Published
2024-02-05 05:59
Modified
2024-08-01 21:52
Severity ?
EPSS score ?
Summary
In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477148; Issue ID: ALPS08477148.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT6781, MT6880, MT6890, MT8188T |
Version: Android 11.0 / OpenWrt 19.07, 21.02 / RDK-B 22Q3 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt2713",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6781",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6880",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6890",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8188t",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-20006",
"options": [
{
"Exploitation": "None"
},
{
"Automatable": "No"
},
{
"Technical Impact": "Total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-10T05:01:40.487385Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:39:54.270Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:31.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/February-2024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT6781, MT6880, MT6890, MT8188T",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 11.0 / OpenWrt 19.07, 21.02 / RDK-B 22Q3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477148; Issue ID: ALPS08477148."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-05T05:59:26.595Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2024"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2024-20006",
"datePublished": "2024-02-05T05:59:26.595Z",
"dateReserved": "2023-11-02T13:35:35.147Z",
"dateUpdated": "2024-08-01T21:52:31.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20803
Vulnerability from cvelistv5
Published
2023-08-07 03:21
Modified
2024-10-22 15:14
Severity ?
EPSS score ?
Summary
In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326374.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673 |
Version: Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:14:40.970Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt2713",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6879",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6895",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6983",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8188",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8195",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8395",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8673",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "12.0"
},
{
"status": "affected",
"version": "13.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "yocto",
"vendor": "linuxfoundation",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-20803",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T14:59:45.539222Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T15:14:20.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326374."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-07T03:21:44.390Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-20803",
"datePublished": "2023-08-07T03:21:44.390Z",
"dateReserved": "2022-10-28T02:03:23.671Z",
"dateUpdated": "2024-10-22T15:14:20.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20786
Vulnerability from cvelistv5
Published
2023-08-07 03:21
Modified
2024-12-04 15:14
Severity ?
EPSS score ?
Summary
In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767811; Issue ID: ALPS07767811.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8175, MT8188, MT8195, MT8362A, MT8365, MT8673 |
Version: Android 12.0, 13.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:14:40.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20786",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T15:13:52.652027Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T15:14:25.900Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8175, MT8188, MT8195, MT8362A, MT8365, MT8673",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 12.0, 13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767811; Issue ID: ALPS07767811."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-07T03:21:12.540Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-20786",
"datePublished": "2023-08-07T03:21:12.540Z",
"dateReserved": "2022-10-28T02:03:10.777Z",
"dateUpdated": "2024-12-04T15:14:25.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32884
Vulnerability from cvelistv5
Published
2024-01-02 02:49
Modified
2024-08-02 15:32
Severity ?
EPSS score ?
Summary
In netdagent, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944011; Issue ID: ALPS07944011.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8188, MT8192, MT8195, MT8195Z, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8696, MT8755, MT8765, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8871 |
Version: Android 12.0, 13.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:32:46.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/January-2024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8188, MT8192, MT8195, MT8195Z, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8696, MT8755, MT8765, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8871",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 12.0, 13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In netdagent, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944011; Issue ID: ALPS07944011."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-02T02:49:56.354Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/January-2024"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-32884",
"datePublished": "2024-01-02T02:49:56.354Z",
"dateReserved": "2023-05-16T03:04:32.173Z",
"dateUpdated": "2024-08-02T15:32:46.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20850
Vulnerability from cvelistv5
Published
2023-09-04 02:28
Modified
2024-10-01 17:38
Severity ?
EPSS score ?
Summary
In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340381.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781 |
Version: Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:14:41.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "yocto",
"vendor": "linuxfoundation",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "iot_yocto",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "23.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "12.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:6.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "6.1"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-20850",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T17:22:21.552027Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T17:38:18.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340381."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T02:28:05.423Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-20850",
"datePublished": "2023-09-04T02:28:05.423Z",
"dateReserved": "2022-10-28T02:03:23.696Z",
"dateUpdated": "2024-10-01T17:38:18.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20825
Vulnerability from cvelistv5
Published
2023-09-04 02:27
Modified
2024-10-10 15:38
Severity ?
EPSS score ?
Summary
In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951413.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT6580, MT6735, MT6739, MT6761, MT6762, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8168, MT8175, MT8188, MT8195, MT8321, MT8365, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8791T, MT8797 |
Version: Android 12.0, 13.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:14:40.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T15:38:03.399534Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T15:38:20.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT6580, MT6735, MT6739, MT6761, MT6762, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8168, MT8175, MT8188, MT8195, MT8321, MT8365, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8791T, MT8797",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 12.0, 13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951413."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T02:27:23.998Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-20825",
"datePublished": "2023-09-04T02:27:23.998Z",
"dateReserved": "2022-10-28T02:03:23.682Z",
"dateUpdated": "2024-10-10T15:38:20.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20848
Vulnerability from cvelistv5
Published
2023-09-04 02:28
Modified
2024-10-21 17:29
Severity ?
EPSS score ?
Summary
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340433.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781 |
Version: Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:14:41.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8781",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "Android 11.0"
},
{
"status": "affected",
"version": "Android 12.0"
},
{
"status": "affected",
"version": "Linux 6.1"
},
{
"status": "affected",
"version": "IOT-v23.0"
},
{
"status": "affected",
"version": "Yocto 4.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-20848",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:15:36.906817Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T17:29:46.979Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340433."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T02:28:02.171Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-20848",
"datePublished": "2023-09-04T02:28:02.171Z",
"dateReserved": "2022-10-28T02:03:23.696Z",
"dateUpdated": "2024-10-21T17:29:46.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32847
Vulnerability from cvelistv5
Published
2023-12-04 03:45
Modified
2024-08-02 15:32
Severity ?
EPSS score ?
Summary
In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08241940; Issue ID: ALPS08241940.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT6580, MT6739, MT6761, MT6762, MT6765, MT6779, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8175, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798 |
Version: Android 12.0, 13.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:32:45.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/December-2023"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT6580, MT6739, MT6761, MT6762, MT6765, MT6779, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8175, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 12.0, 13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08241940; Issue ID: ALPS08241940."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-04T03:45:41.985Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/December-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-32847",
"datePublished": "2023-12-04T03:45:41.985Z",
"dateReserved": "2023-05-16T03:04:32.155Z",
"dateUpdated": "2024-08-02T15:32:45.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20798
Vulnerability from cvelistv5
Published
2023-08-07 03:21
Modified
2024-10-17 14:31
Severity ?
EPSS score ?
Summary
In pda, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07147572; Issue ID: ALPS07421076.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT6855, MT6879, MT6886, MT6895, MT6983, MT6985, MT8188, MT8195, MT8395, MT8673 |
Version: Android 12.0, 13.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:14:40.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20798",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T14:30:56.120536Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T14:31:09.769Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT6855, MT6879, MT6886, MT6895, MT6983, MT6985, MT8188, MT8195, MT8395, MT8673",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 12.0, 13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In pda, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07147572; Issue ID: ALPS07421076."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-07T03:21:34.035Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-20798",
"datePublished": "2023-08-07T03:21:34.035Z",
"dateReserved": "2022-10-28T02:03:10.781Z",
"dateUpdated": "2024-10-17T14:31:09.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32825
Vulnerability from cvelistv5
Published
2023-11-06 03:50
Modified
2024-09-05 15:08
Severity ?
EPSS score ?
Summary
In bluethooth service, there is a possible out of bounds reads due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07884130; Issue ID: ALPS07884130.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT6580, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT7921, MT8168, MT8175, MT8188, MT8195, MT8321, MT8365, MT8390, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8791T, MT8797, MT8798 |
Version: Android 13.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:37.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/November-2023"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T15:07:57.656951Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T15:08:03.908Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT6580, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT7921, MT8168, MT8175, MT8188, MT8195, MT8321, MT8365, MT8390, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8791T, MT8797, MT8798",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In bluethooth service, there is a possible out of bounds reads due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07884130; Issue ID: ALPS07884130."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-06T03:50:56.000Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/November-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-32825",
"datePublished": "2023-11-06T03:50:56.000Z",
"dateReserved": "2023-05-16T03:04:32.149Z",
"dateUpdated": "2024-09-05T15:08:03.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32838
Vulnerability from cvelistv5
Published
2023-11-06 03:50
Modified
2024-09-05 15:13
Severity ?
EPSS score ?
Summary
In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310805; Issue ID: ALPS07310805.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT6895, MT6983, MT8188, MT8195, MT8390, MT8395, MT8673, MT8798 |
Version: Android 11.0, 12.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:32:44.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/November-2023"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt2713",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6895",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6983",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8188",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8195",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8390",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8395",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8673",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8798",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*",
"cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "11.0"
},
{
"status": "affected",
"version": "12.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-32838",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T15:13:11.795433Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T15:13:19.553Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT6895, MT6983, MT8188, MT8195, MT8390, MT8395, MT8673, MT8798",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 11.0, 12.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310805; Issue ID: ALPS07310805."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-06T03:50:53.147Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/November-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-32838",
"datePublished": "2023-11-06T03:50:53.147Z",
"dateReserved": "2023-05-16T03:04:32.152Z",
"dateUpdated": "2024-09-05T15:13:19.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20839
Vulnerability from cvelistv5
Published
2023-09-04 02:27
Modified
2024-10-08 20:13
Severity ?
EPSS score ?
Summary
In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326409.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8673 |
Version: Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:14:40.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20839",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T14:00:33.383673Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T20:13:11.478Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8673",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326409."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T02:27:47.001Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-20839",
"datePublished": "2023-09-04T02:27:47.001Z",
"dateReserved": "2022-10-28T02:03:23.690Z",
"dateUpdated": "2024-10-08T20:13:11.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32814
Vulnerability from cvelistv5
Published
2023-09-04 02:28
Modified
2024-10-08 20:11
Severity ?
EPSS score ?
Summary
In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08031947; Issue ID: ALPS08031947.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT2735, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6895, MT6980, MT6983, MT6985, MT6990, MT8168, MT8175, MT8188, MT8195, MT8365, MT8666, MT8667, MT8673 |
Version: Android 13.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:37.092Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32814",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T14:00:20.400550Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T20:11:58.933Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT2735, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6895, MT6980, MT6983, MT6985, MT6990, MT8168, MT8175, MT8188, MT8195, MT8365, MT8666, MT8667, MT8673",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08031947; Issue ID: ALPS08031947."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T02:28:23.879Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-32814",
"datePublished": "2023-09-04T02:28:23.879Z",
"dateReserved": "2023-05-16T03:04:32.146Z",
"dateUpdated": "2024-10-08T20:11:58.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20807
Vulnerability from cvelistv5
Published
2023-08-07 03:21
Modified
2024-10-15 19:54
Severity ?
EPSS score ?
Summary
In dpe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608433; Issue ID: ALPS07608433.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673 |
Version: Android 12.0, 13.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:14:41.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt2713",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "Android 12.0"
},
{
"status": "affected",
"version": "Android 13.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6895",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "Android 12.0"
},
{
"status": "affected",
"version": "Android 13.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6983",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "Android 12.0"
},
{
"status": "affected",
"version": "Android 13.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8188",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "Android 12.0"
},
{
"status": "affected",
"version": "Android 13.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8195",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "Android 12.0"
},
{
"status": "affected",
"version": "Android 13.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8395",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "Android 12.0"
},
{
"status": "affected",
"version": "Android 13.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8673",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "Android 12.0"
},
{
"status": "affected",
"version": "Android 13.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20807",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T19:50:33.104208Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T19:54:51.428Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 12.0, 13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In dpe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608433; Issue ID: ALPS07608433."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-07T03:21:52.814Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-20807",
"datePublished": "2023-08-07T03:21:52.814Z",
"dateReserved": "2022-10-28T02:03:23.672Z",
"dateUpdated": "2024-10-15T19:54:51.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32816
Vulnerability from cvelistv5
Published
2023-09-04 02:28
Modified
2024-10-08 20:11
Severity ?
EPSS score ?
Summary
In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044032.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6895, MT6983, MT6985, MT8168, MT8175, MT8188, MT8195, MT8365, MT8666, MT8667, MT8673 |
Version: Android 13.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:37.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32816",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T14:00:16.349452Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T20:11:44.346Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6895, MT6983, MT6985, MT8168, MT8175, MT8188, MT8195, MT8365, MT8666, MT8667, MT8673",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044032."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T02:28:27.217Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-32816",
"datePublished": "2023-09-04T02:28:27.217Z",
"dateReserved": "2023-05-16T03:04:32.147Z",
"dateUpdated": "2024-10-08T20:11:44.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20806
Vulnerability from cvelistv5
Published
2023-08-07 03:21
Modified
2024-10-17 14:33
Severity ?
EPSS score ?
Summary
In hcp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07537437.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673 |
Version: Android 12.0, 13.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:14:40.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt2713",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "Android 12.0"
},
{
"status": "affected",
"version": "Android 13.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6879",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "Android 12.0"
},
{
"status": "affected",
"version": "Android 13.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6895",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "Android 12.0"
},
{
"status": "affected",
"version": "Android 13.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6983",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "Android 12.0"
},
{
"status": "affected",
"version": "Android 13.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8188",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "Android 12.0"
},
{
"status": "affected",
"version": "Android 13.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8195",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "Android 12.0"
},
{
"status": "affected",
"version": "Android 13.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8395",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "Android 12.0"
},
{
"status": "affected",
"version": "Android 13.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8673",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "Android 12.0"
},
{
"status": "affected",
"version": "Android 13.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20806",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T14:25:59.271346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T14:33:52.021Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 12.0, 13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In hcp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07537437."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-07T03:21:50.672Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-20806",
"datePublished": "2023-08-07T03:21:50.672Z",
"dateReserved": "2022-10-28T02:03:23.671Z",
"dateUpdated": "2024-10-17T14:33:52.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32812
Vulnerability from cvelistv5
Published
2023-09-04 02:28
Modified
2024-10-21 18:03
Severity ?
EPSS score ?
Summary
In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local esclation of privileges with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017365; Issue ID: ALPS08017365.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT2735, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6895, MT6980, MT6983, MT6985, MT6990, MT8168, MT8175, MT8188, MT8195, MT8365 |
Version: Android 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:36.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6855t:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6883:*:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8365",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "Android 13.0"
},
{
"status": "affected",
"version": "OpenWrt 1907"
},
{
"status": "affected",
"version": "OpenWrt 2102"
},
{
"status": "affected",
"version": "Yocto 2.6"
},
{
"status": "affected",
"version": "RDK-B 22Q3"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-32812",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:15:34.549974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T18:03:30.573Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT2735, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6895, MT6980, MT6983, MT6985, MT6990, MT8168, MT8175, MT8188, MT8195, MT8365",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local esclation of privileges with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017365; Issue ID: ALPS08017365."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T02:28:20.521Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-32812",
"datePublished": "2023-09-04T02:28:20.521Z",
"dateReserved": "2023-05-16T03:04:32.146Z",
"dateUpdated": "2024-10-21T18:03:30.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20824
Vulnerability from cvelistv5
Published
2023-09-04 02:27
Modified
2024-10-10 15:38
Severity ?
EPSS score ?
Summary
In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951402.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT6580, MT6735, MT6739, MT6761, MT6762, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8168, MT8175, MT8188, MT8195, MT8321, MT8365, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8791T, MT8797 |
Version: Android 12.0, 13.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:14:41.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20824",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T15:38:43.283177Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T15:38:54.413Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT6580, MT6735, MT6739, MT6761, MT6762, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8168, MT8175, MT8188, MT8195, MT8321, MT8365, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8791T, MT8797",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 12.0, 13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951402."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T02:27:22.373Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-20824",
"datePublished": "2023-09-04T02:27:22.373Z",
"dateReserved": "2022-10-28T02:03:23.679Z",
"dateUpdated": "2024-10-10T15:38:54.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20804
Vulnerability from cvelistv5
Published
2023-08-07 03:21
Modified
2024-10-22 15:14
Severity ?
EPSS score ?
Summary
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326384.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673 |
Version: Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:14:40.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt2713",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6879",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6895",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6983",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8188",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8195",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8395",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8673",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "12.0"
},
{
"status": "affected",
"version": "13.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "yocto",
"vendor": "linuxfoundation",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-20804",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T14:59:35.581255Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T15:14:08.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326384."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-07T03:21:46.656Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-20804",
"datePublished": "2023-08-07T03:21:46.656Z",
"dateReserved": "2022-10-28T02:03:23.671Z",
"dateUpdated": "2024-10-22T15:14:08.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32809
Vulnerability from cvelistv5
Published
2023-09-04 02:28
Modified
2024-08-02 15:25
Severity ?
EPSS score ?
Summary
In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849753; Issue ID: ALPS07849753.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT8168, MT8175, MT8188, MT8195, MT8365, MT8666, MT8667, MT8673, MT8781, MT8781WIFI, MT8791, MT8791T, MT8791WIFI, MT8797, MT8797WIFI |
Version: Android 13.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:37.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT8168, MT8175, MT8188, MT8195, MT8365, MT8666, MT8667, MT8673, MT8781, MT8781WIFI, MT8791, MT8791T, MT8791WIFI, MT8797, MT8797WIFI",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849753; Issue ID: ALPS07849753."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T02:28:15.636Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-32809",
"datePublished": "2023-09-04T02:28:15.636Z",
"dateReserved": "2023-05-16T03:04:32.145Z",
"dateUpdated": "2024-08-02T15:25:37.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32811
Vulnerability from cvelistv5
Published
2023-09-04 02:28
Modified
2024-10-01 18:15
Severity ?
EPSS score ?
Summary
In connectivity system driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929848; Issue ID: ALPS07929848.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT8168, MT8175, MT8188, MT8195, MT8365, MT8666, MT8667, MT8673 |
Version: Android 12.0, 13.0 / IOT-v23.0 / Yocto 4.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:37.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "yocto",
"vendor": "linuxfoundation",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "iot_yocto",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "23.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "12.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "13.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-32811",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T18:07:49.242266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T18:15:59.375Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT8168, MT8175, MT8188, MT8195, MT8365, MT8666, MT8667, MT8673",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 12.0, 13.0 / IOT-v23.0 / Yocto 4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In connectivity system driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929848; Issue ID: ALPS07929848."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T02:28:18.886Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-32811",
"datePublished": "2023-09-04T02:28:18.886Z",
"dateReserved": "2023-05-16T03:04:32.146Z",
"dateUpdated": "2024-10-01T18:15:59.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32810
Vulnerability from cvelistv5
Published
2023-09-04 02:28
Modified
2024-08-02 15:25
Severity ?
EPSS score ?
Summary
In bluetooth driver, there is a possible out of bounds read due to improper input validation. This could lead to local information leak with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07867212; Issue ID: ALPS07867212.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT5221, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6890, MT6893, MT6895, MT6983, MT8167, MT8168, MT8173, MT8175, MT8185, MT8188, MT8188T, MT8195, MT8321, MT8365, MT8385, MT8518S, MT8532, MT8666, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797 |
Version: Android 12.0, 13.0 / RDK-B 22Q3 / Linux4.19 / Yocto 3.1, 3.3, 4.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:37.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT5221, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6890, MT6893, MT6895, MT6983, MT8167, MT8168, MT8173, MT8175, MT8185, MT8188, MT8188T, MT8195, MT8321, MT8365, MT8385, MT8518S, MT8532, MT8666, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 12.0, 13.0 / RDK-B 22Q3 / Linux4.19 / Yocto 3.1, 3.3, 4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In bluetooth driver, there is a possible out of bounds read due to improper input validation. This could lead to local information leak with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07867212; Issue ID: ALPS07867212."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T02:28:17.305Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-32810",
"datePublished": "2023-09-04T02:28:17.305Z",
"dateReserved": "2023-05-16T03:04:32.146Z",
"dateUpdated": "2024-08-02T15:25:37.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32822
Vulnerability from cvelistv5
Published
2023-10-02 02:05
Modified
2024-09-23 15:23
Severity ?
EPSS score ?
Summary
In ftm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07994229; Issue ID: ALPS07994229.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6833, MT6835, MT6855, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6985, MT8167, MT8167S, MT8168, MT8175, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8797, MT8798 |
Version: Android 12.0, 13.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:37.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/October-2023"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt2713",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6739",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6761",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6762",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6765",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6768",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6769",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6771",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6779",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6781",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6833",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6835",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6855",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6877",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6879",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6883",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6885",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6886",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6889",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6891",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6893",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6895",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6985",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8167",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8167s",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8168",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8175",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8188",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8195",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8321",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8362a",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8365",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8385",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8390",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8765",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8766",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8768",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8781",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8786",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8788",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8789",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8791",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8797",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8798",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "12.0"
},
{
"status": "affected",
"version": "13.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-32822",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T15:21:42.816055Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T15:23:49.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6833, MT6835, MT6855, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6985, MT8167, MT8167S, MT8168, MT8175, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8797, MT8798",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 12.0, 13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In ftm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07994229; Issue ID: ALPS07994229."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-02T02:05:31.556Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/October-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-32822",
"datePublished": "2023-10-02T02:05:31.556Z",
"dateReserved": "2023-05-16T03:04:32.148Z",
"dateUpdated": "2024-09-23T15:23:49.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20821
Vulnerability from cvelistv5
Published
2023-09-04 02:27
Modified
2024-10-10 17:06
Severity ?
EPSS score ?
Summary
In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937113; Issue ID: ALPS07937113.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT2735, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797 |
Version: Android 11.0, 12.0, 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:14:41.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt2713",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt2735",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6833",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6835",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6853",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6855",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6873",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6875",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6877",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6879",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6880",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6883",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6885",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6886",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6889",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6890",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6891",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6893",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6895",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6980",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6983",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6985",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6990",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8167",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8167s",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8168",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8173",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8175",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8185",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8188",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8195",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8321",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8362a",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8365",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8385",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8395",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8666",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8673",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8675",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8765",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8766",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8768",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8781",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8786",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8788",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8789",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8791",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8791t",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8797",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "12.0"
},
{
"status": "affected",
"version": "13.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-20821",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T17:04:56.340129Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T17:06:16.142Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT2735, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 11.0, 12.0, 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937113; Issue ID: ALPS07937113."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T02:27:17.577Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-20821",
"datePublished": "2023-09-04T02:27:17.577Z",
"dateReserved": "2022-10-28T02:03:23.673Z",
"dateUpdated": "2024-10-10T17:06:16.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20841
Vulnerability from cvelistv5
Published
2023-09-04 02:27
Modified
2024-10-21 17:25
Severity ?
EPSS score ?
Summary
In imgsys, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326441.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8673 |
Version: Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:14:40.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8673",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "Android 11.0"
},
{
"status": "affected",
"version": "Android 12.0"
},
{
"status": "affected",
"version": "Linux 6.1"
},
{
"status": "affected",
"version": "IOT-v23.0"
},
{
"status": "affected",
"version": "Yocto 4.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-20841",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:15:39.302243Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T17:25:15.440Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8673",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In imgsys, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326441."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T02:27:50.280Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-20841",
"datePublished": "2023-09-04T02:27:50.280Z",
"dateReserved": "2022-10-28T02:03:23.690Z",
"dateUpdated": "2024-10-21T17:25:15.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20849
Vulnerability from cvelistv5
Published
2023-09-04 02:28
Modified
2024-10-01 18:58
Severity ?
EPSS score ?
Summary
In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340350.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781 |
Version: Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:14:41.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "yocto",
"vendor": "linuxfoundation",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "iot_yocto",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "23.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "12.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:6.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "6.1"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-20849",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T18:46:24.279622Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T18:58:38.274Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340350."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T02:28:03.822Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-20849",
"datePublished": "2023-09-04T02:28:03.822Z",
"dateReserved": "2022-10-28T02:03:23.696Z",
"dateUpdated": "2024-10-01T18:58:38.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32808
Vulnerability from cvelistv5
Published
2023-09-04 02:28
Modified
2024-08-02 15:25
Severity ?
EPSS score ?
Summary
In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849751; Issue ID: ALPS07849751.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT8168, MT8175, MT8188, MT8195, MT8365, MT8666, MT8667, MT8673, MT8781, MT8781WIFI, MT8791, MT8791T, MT8791WIFI, MT8797, MT8797WIFI |
Version: Android 13.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:37.140Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT8168, MT8175, MT8188, MT8195, MT8365, MT8666, MT8667, MT8673, MT8781, MT8781WIFI, MT8791, MT8791T, MT8791WIFI, MT8797, MT8797WIFI",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849751; Issue ID: ALPS07849751."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T02:28:14.025Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-32808",
"datePublished": "2023-09-04T02:28:14.025Z",
"dateReserved": "2023-05-16T03:04:32.145Z",
"dateUpdated": "2024-08-02T15:25:37.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32813
Vulnerability from cvelistv5
Published
2023-09-04 02:28
Modified
2024-10-08 20:12
Severity ?
EPSS score ?
Summary
In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017370; Issue ID: ALPS08017370.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT2735, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6895, MT6980, MT6983, MT6985, MT6990, MT8168, MT8175, MT8188, MT8195, MT8365, MT8666, MT8667, MT8673 |
Version: Android 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:37.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32813",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T14:00:21.839774Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T20:12:06.387Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT2735, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6895, MT6980, MT6983, MT6985, MT6990, MT8168, MT8175, MT8188, MT8195, MT8365, MT8666, MT8667, MT8673",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017370; Issue ID: ALPS08017370."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T02:28:22.213Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-32813",
"datePublished": "2023-09-04T02:28:22.213Z",
"dateReserved": "2023-05-16T03:04:32.146Z",
"dateUpdated": "2024-10-08T20:12:06.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32839
Vulnerability from cvelistv5
Published
2023-11-06 03:50
Modified
2024-09-05 15:10
Severity ?
EPSS score ?
Summary
In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262576; Issue ID: ALPS07262576.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT6895, MT6983, MT8188, MT8195, MT8673, MT8798 |
Version: Android 11.0, 12.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:32:46.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/November-2023"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt2713",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6895",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6983",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8188",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8195",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8673",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8798",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*",
"cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "11.0"
},
{
"status": "affected",
"version": "12.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-32839",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T15:09:17.380908Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T15:10:07.811Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT6895, MT6983, MT8188, MT8195, MT8673, MT8798",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 11.0, 12.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262576; Issue ID: ALPS07262576."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-06T03:50:54.573Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/November-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-32839",
"datePublished": "2023-11-06T03:50:54.573Z",
"dateReserved": "2023-05-16T03:04:32.153Z",
"dateUpdated": "2024-09-05T15:10:07.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20805
Vulnerability from cvelistv5
Published
2023-08-07 03:21
Modified
2024-10-22 15:13
Severity ?
EPSS score ?
Summary
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326411.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673 |
Version: Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:14:40.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt2713",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6879",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6895",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6983",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8188",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8195",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8395",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8673",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "12.0"
},
{
"status": "affected",
"version": "13.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "yocto",
"vendor": "linuxfoundation",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-20805",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T14:59:23.445486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T15:13:53.163Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326411."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-07T03:21:48.680Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-20805",
"datePublished": "2023-08-07T03:21:48.680Z",
"dateReserved": "2022-10-28T02:03:23.671Z",
"dateUpdated": "2024-10-22T15:13:53.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32883
Vulnerability from cvelistv5
Published
2024-01-02 02:49
Modified
2024-08-02 15:32
Severity ?
EPSS score ?
Summary
In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08282249; Issue ID: ALPS08282249.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798 |
Version: Android 12.0, 13.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:32:46.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/January-2024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 12.0, 13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08282249; Issue ID: ALPS08282249."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-02T02:49:54.424Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/January-2024"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-32883",
"datePublished": "2024-01-02T02:49:54.424Z",
"dateReserved": "2023-05-16T03:04:32.173Z",
"dateUpdated": "2024-08-02T15:32:46.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32817
Vulnerability from cvelistv5
Published
2023-09-04 02:28
Modified
2024-10-08 20:39
Severity ?
EPSS score ?
Summary
In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044035.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6895, MT6983, MT6985, MT8168, MT8175, MT8188, MT8195, MT8365, MT8666, MT8667, MT8673 |
Version: Android 13.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:37.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32817",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T14:00:15.323540Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T20:39:56.429Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6895, MT6983, MT6985, MT8168, MT8175, MT8188, MT8195, MT8365, MT8666, MT8667, MT8673",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044035."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T02:28:28.890Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-32817",
"datePublished": "2023-09-04T02:28:28.890Z",
"dateReserved": "2023-05-16T03:04:32.147Z",
"dateUpdated": "2024-10-08T20:39:56.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20838
Vulnerability from cvelistv5
Published
2023-09-04 02:27
Modified
2024-10-08 20:13
Severity ?
EPSS score ?
Summary
In imgsys, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326418.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8673 |
Version: Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:14:41.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20838",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T14:00:34.514344Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T20:13:21.882Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8673",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In imgsys, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326418."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T02:27:45.442Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-20838",
"datePublished": "2023-09-04T02:27:45.442Z",
"dateReserved": "2022-10-28T02:03:23.690Z",
"dateUpdated": "2024-10-08T20:13:21.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20842
Vulnerability from cvelistv5
Published
2023-09-04 02:27
Modified
2024-10-21 17:28
Severity ?
EPSS score ?
Summary
In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354259; Issue ID: ALPS07340477.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781 |
Version: Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:14:41.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8673",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "Android 11.0"
},
{
"status": "affected",
"version": "Android 12.0"
},
{
"status": "affected",
"version": "Linux 6.1"
},
{
"status": "affected",
"version": "IOT-v23.0"
},
{
"status": "affected",
"version": "Yocto 4.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-20842",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:15:38.065535Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T17:28:33.704Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In imgsys_cmdq, there is a possible out of bounds write due to a missing\u00a0valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354259; Issue ID: ALPS07340477."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T02:27:51.965Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-20842",
"datePublished": "2023-09-04T02:27:51.965Z",
"dateReserved": "2022-10-28T02:03:23.691Z",
"dateUpdated": "2024-10-21T17:28:33.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20830
Vulnerability from cvelistv5
Published
2023-09-04 02:27
Modified
2024-10-10 15:25
Severity ?
EPSS score ?
Summary
In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014156.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT2735, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8167, MT8167S, MT8168, MT8173, MT8195, MT8362A, MT8365, MT8781 |
Version: Android 12.0, 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:14:41.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt2713",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt2735",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6761",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6762",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6765",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6768",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6769",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6779",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6833",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6835",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6853",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6853t",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6855",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6873",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6875",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6877",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6879",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6880",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6883",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6885",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6886",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6889",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6890",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6891",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6893",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6895",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6980",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6983",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6985",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6990",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8167",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8167s",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8168",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8173",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8195",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8362a",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8365",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt8781",
"vendor": "mediatek",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "12.0"
},
{
"status": "affected",
"version": "13.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-20830",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T15:24:46.560034Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T15:25:53.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT2735, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8167, MT8167S, MT8168, MT8173, MT8195, MT8362A, MT8365, MT8781",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 12.0, 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014156."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T02:27:32.386Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-20830",
"datePublished": "2023-09-04T02:27:32.386Z",
"dateReserved": "2022-10-28T02:03:23.685Z",
"dateUpdated": "2024-10-10T15:25:53.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32815
Vulnerability from cvelistv5
Published
2023-09-04 02:28
Modified
2024-10-08 20:11
Severity ?
EPSS score ?
Summary
In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08037801; Issue ID: ALPS08037801.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MediaTek, Inc. | MT2713, MT2735, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6895, MT6980, MT6983, MT6985, MT6990, MT8168, MT8175, MT8188, MT8188T, MT8195, MT8365 |
Version: Android 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:37.121Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32815",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T14:00:17.767811Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T20:11:52.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2713, MT2735, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6895, MT6980, MT6983, MT6985, MT6990, MT8168, MT8175, MT8188, MT8188T, MT8195, MT8365",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Android 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08037801; Issue ID: ALPS08037801."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-04T02:28:25.569Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2023-32815",
"datePublished": "2023-09-04T02:28:25.569Z",
"dateReserved": "2023-05-16T03:04:32.146Z",
"dateUpdated": "2024-10-08T20:11:52.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2023-08-07 04:15
Modified
2024-11-21 07:41
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326384.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326384."
}
],
"id": "CVE-2023-20804",
"lastModified": "2024-11-21T07:41:33.553",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-08-07T04:15:13.930",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-02 03:15
Modified
2024-11-21 08:04
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In ftm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07994229; Issue ID: ALPS07994229.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt2713 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6762 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6769 | - | |
| mediatek | mt6771 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8390 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4D2AED-C713-407F-A34A-52C3D8F65835",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*",
"matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B774B7D7-B7DD-43A0-833F-7E39DF82CA60",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*",
"matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In ftm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07994229; Issue ID: ALPS07994229."
},
{
"lang": "es",
"value": "En ftm, existe una posible escritura fuera de l\u00edmites debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07994229; ID del problema: ALPS07994229."
}
],
"id": "CVE-2023-32822",
"lastModified": "2024-11-21T08:04:06.523",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-10-02T03:15:09.917",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/October-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/October-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
Summary
In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951413.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt2713 | - | |
| mediatek | mt6580 | - | |
| mediatek | mt6735 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6762 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8797 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C82E144B-0BAD-47E1-A657-3A5880988FE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951413."
},
{
"lang": "es",
"value": "En duraspeed, existe una posible divulgaci\u00f3n de informaci\u00f3n debido a la falta de comprobaci\u00f3n de permisos. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. No es necesaria la interacci\u00f3n del usuario para su explotaci\u00f3n. ID del parche: ALPS07951402; ID de la incidencia: ALPS07951413."
}
],
"id": "CVE-2023-20825",
"lastModified": "2024-11-21T07:41:37.290",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-04T03:15:09.023",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-02 03:15
Modified
2024-11-21 08:04
Severity ?
Summary
In netdagent, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944011; Issue ID: ALPS07944011.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt2713 | - | |
| mediatek | mt6580 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8192 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8195z | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8696 | - | |
| mediatek | mt8755 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8771 | - | |
| mediatek | mt8775 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8795t | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - | |
| mediatek | mt8871 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4452EFCF-5733-40A0-8726-F8E33E569411",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8192:-:*:*:*:*:*:*:*",
"matchCriteriaId": "422634C7-D280-4664-AEE2-AA5B6723B836",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195z:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B3A37B9-F500-4B3C-B77C-B2BD7B015154",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*",
"matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8696:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26573298-76BC-49FE-8D99-CF03ED01B185",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8755:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF88096-5CBD-4A4B-8F47-33D38985956F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8771:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D09F23D-D023-4A60-B426-61251FDD8A5A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE5FB550-7264-4879-BAF9-6798949113AF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78D4E9E1-B044-41EC-BE98-22DC0E5E9010",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*",
"matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8871:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1F80793-01B7-403A-A5F4-031F82FAC77A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In netdagent, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944011; Issue ID: ALPS07944011."
},
{
"lang": "es",
"value": "En netdagent, existe una posible divulgaci\u00f3n de informaci\u00f3n debido a una verificaci\u00f3n de los l\u00edmites incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07944011; ID del problema: ALPS07944011."
}
],
"id": "CVE-2023-32884",
"lastModified": "2024-11-21T08:04:16.120",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-02T03:15:08.303",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/January-2024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/January-2024"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 08:04
Severity ?
Summary
In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08037801; Issue ID: ALPS08037801.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 2.6 | |
| android | 13.0 | ||
| openwrt | openwrt | 19.07.0 | |
| openwrt | openwrt | 21.02.0 | |
| mediatek | mt2713 | - | |
| mediatek | mt2735 | - | |
| mediatek | mt6580 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6855t | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6880 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6890 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6980 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6990 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8188t | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8365 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:yocto:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "397C75CA-D217-4617-B8B1-80F74CFB04CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4FA469E2-9E63-4C9A-8EBA-10C8C870063A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F0133207-2EED-4625-854F-8DB7770D5BF7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6855t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "083F6134-FF26-4F1B-9B77-971D342AF774",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*",
"matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4675A09-0147-4690-8AA1-E3802CA1B3EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08037801; Issue ID: ALPS08037801."
},
{
"lang": "es",
"value": "En el servicio gnss, existe una posible lectura fuera de l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n del sistema necesarios. No es necesaria la interacci\u00f3n del usuario para su explotaci\u00f3n. ID del parche: ALPS08037801; ID de la incidencia: ALPS08037801."
}
],
"id": "CVE-2023-32815",
"lastModified": "2024-11-21T08:04:05.323",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-04T03:15:13.990",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-06 04:15
Modified
2024-11-21 08:04
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310805; Issue ID: ALPS07310805.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B774B7D7-B7DD-43A0-833F-7E39DF82CA60",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*",
"matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310805; Issue ID: ALPS07310805."
},
{
"lang": "es",
"value": "En dpe, existe una posible escritura fuera de los l\u00edmites debido a que falta una verificaci\u00f3n de rango v\u00e1lido. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07262576; ID del problema: ALPS07262576."
}
],
"id": "CVE-2023-32838",
"lastModified": "2024-11-21T08:04:09.203",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-11-06T04:15:08.013",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/November-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/November-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-07 04:15
Modified
2024-11-21 07:41
Severity ?
Summary
In dpe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608433; Issue ID: ALPS07608433.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In dpe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608433; Issue ID: ALPS07608433."
}
],
"id": "CVE-2023-20807",
"lastModified": "2024-11-21T07:41:34.103",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-07T04:15:14.120",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
Summary
In imgsys, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326418.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 3.1 | |
| linuxfoundation | yocto | 3.3 | |
| linuxfoundation | yocto | 4.0 | |
| android | 12.0 | ||
| android | 13.0 | ||
| linux | linux_kernel | 4.19 | |
| mediatek | mt2713 | - | |
| mediatek | mt5221 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6890 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8188t | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8518s | - | |
| mediatek | mt8532 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8797 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:yocto:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B2EECB3C-723A-492D-A6D7-6A1A73EDBFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2385F2C9-3EA1-424B-AB8D-A672BF1CBE56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:4.19:-:*:*:*:*:*:*",
"matchCriteriaId": "CFDAD450-8799-4C2D-80CE-2AA45DEC35CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt5221:-:*:*:*:*:*:*:*",
"matchCriteriaId": "518D4593-D5E2-489C-92C3-343716A621E9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*",
"matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4452EFCF-5733-40A0-8726-F8E33E569411",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4675A09-0147-4690-8AA1-E3802CA1B3EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*",
"matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8518s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6069CD03-6AB1-4A06-88CF-EFBDEA84CDE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE18D5C2-0423-4CE5-86E7-69E7BB131BBF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In imgsys, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326418."
},
{
"lang": "es",
"value": "En imgsys, existe una posible lectura fuera de l\u00edmites debido a una condici\u00f3n de carrera. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n del sistema necesarios. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS07326455; ID del problema: ALPS07326418."
}
],
"id": "CVE-2023-20838",
"lastModified": "2024-11-21T07:41:39.810",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.3,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-04T03:15:10.560",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 08:04
Severity ?
Summary
In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08031947; Issue ID: ALPS08031947.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 13.0 | ||
| mediatek | mt2713 | - | |
| mediatek | mt2735 | - | |
| mediatek | mt6580 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6855t | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6880 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6890 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6980 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6990 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6855t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "083F6134-FF26-4F1B-9B77-971D342AF774",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*",
"matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08031947; Issue ID: ALPS08031947."
},
{
"lang": "es",
"value": "En el servicio gnss, existe una posible lectura fuera de l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n del sistema necesarios. No es necesaria la interacci\u00f3n del usuario para su explotaci\u00f3n. ID del parche: ALPS08031947; ID de la incidencia: ALPS08031947. "
}
],
"id": "CVE-2023-32814",
"lastModified": "2024-11-21T08:04:05.183",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-04T03:15:13.783",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 08:04
Severity ?
Summary
In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044032.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 13.0 | ||
| mediatek | mt2713 | - | |
| mediatek | mt6580 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6855t | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6855t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "083F6134-FF26-4F1B-9B77-971D342AF774",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044032."
},
{
"lang": "es",
"value": "En el servicio gnss, existe una posible lectura fuera de l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n del sistema necesarios. No es necesaria la interacci\u00f3n del usuario para su explotaci\u00f3n. ID del parche: ALPS08044040; ID de la incidencia: ALPS08044032. "
}
],
"id": "CVE-2023-32816",
"lastModified": "2024-11-21T08:04:05.470",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-04T03:15:14.220",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-05 06:15
Modified
2024-11-21 08:51
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477148; Issue ID: ALPS08477148.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*",
"matchCriteriaId": "A1488152-CC93-40DF-8D1F-BF33DC8444FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4FA469E2-9E63-4C9A-8EBA-10C8C870063A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F0133207-2EED-4625-854F-8DB7770D5BF7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*",
"matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4675A09-0147-4690-8AA1-E3802CA1B3EB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477148; Issue ID: ALPS08477148."
},
{
"lang": "es",
"value": "En da, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08477148; ID del problema: ALPS08477148."
}
],
"id": "CVE-2024-20006",
"lastModified": "2024-11-21T08:51:46.967",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-02-05T06:15:47.233",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/February-2024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/February-2024"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 08:04
Severity ?
Summary
In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849751; Issue ID: ALPS07849751.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 13.0 | ||
| mediatek | mt2713 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8781wifi | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8791wifi | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8797wifi | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8781wifi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC1B2D4B-C7C3-420C-9361-6C056B4BCA9E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8791wifi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "720F4AA0-6AAE-465F-8F50-F11DD11B5FA3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8797wifi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BD3FB61-EA42-4D3D-9867-7EBCD0B8F647",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849751; Issue ID: ALPS07849751."
},
{
"lang": "es",
"value": "En el controlador Bluetooth, existe un posible acceso de lectura y escritura a los registros debido a un control de acceso inadecuado de la interfaz de registro. Esto podr\u00eda conducir a la fuga local de informaci\u00f3n sensible con privilegios de ejecuci\u00f3n del sistema necesarios. No es necesaria la interacci\u00f3n del usuario para su explotaci\u00f3n. ID del parche: ALPS07849751; ID de la incidencia: ALPS07849751."
}
],
"id": "CVE-2023-32808",
"lastModified": "2024-11-21T08:04:04.250",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-04T03:15:12.840",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-07 04:15
Modified
2024-11-21 07:41
Severity ?
Summary
In pda, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07147572; Issue ID: ALPS07421076.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In pda, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07147572; Issue ID: ALPS07421076."
}
],
"id": "CVE-2023-20798",
"lastModified": "2024-11-21T07:41:32.843",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-07T04:15:13.603",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-131"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-07 04:15
Modified
2024-11-21 07:41
Severity ?
Summary
In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767811; Issue ID: ALPS07767811.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt2713 | - | |
| mediatek | mt6580 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8673 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767811; Issue ID: ALPS07767811."
}
],
"id": "CVE-2023-20786",
"lastModified": "2024-11-21T07:41:31.530",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-07T04:15:12.990",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 08:04
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local esclation of privileges with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017365; Issue ID: ALPS08017365.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 2.6 | |
| android | 13.0 | ||
| openwrt | openwrt | 19.07.0 | |
| openwrt | openwrt | 21.02.0 | |
| mediatek | mt2713 | - | |
| mediatek | mt2735 | - | |
| mediatek | mt6580 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6855t | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6880 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6890 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6980 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6990 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8365 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:yocto:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "397C75CA-D217-4617-B8B1-80F74CFB04CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4FA469E2-9E63-4C9A-8EBA-10C8C870063A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F0133207-2EED-4625-854F-8DB7770D5BF7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6855t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "083F6134-FF26-4F1B-9B77-971D342AF774",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*",
"matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local esclation of privileges with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017365; Issue ID: ALPS08017365."
},
{
"lang": "es",
"value": "En el servicio gnss, existe una posible escritura fuera de l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios con necesidad de privilegios de ejecuci\u00f3n del sistema. No es necesaria la interacci\u00f3n del usuario para la explotaci\u00f3n. ID del parche: ALPS08017365; ID de la incidencia: ALPS08017365. "
}
],
"id": "CVE-2023-32812",
"lastModified": "2024-11-21T08:04:04.843",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-09-04T03:15:13.440",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-04 04:15
Modified
2024-11-21 08:04
Severity ?
Summary
In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08241940; Issue ID: ALPS08241940.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt2713 | - | |
| mediatek | mt6580 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6762 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8390 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*",
"matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B774B7D7-B7DD-43A0-833F-7E39DF82CA60",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*",
"matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08241940; Issue ID: ALPS08241940."
},
{
"lang": "es",
"value": "En audio, hay una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS08241940; ID del problema: ALPS08241940."
}
],
"id": "CVE-2023-32847",
"lastModified": "2024-11-21T08:04:10.647",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-04T04:15:07.663",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/December-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/December-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 08:04
Severity ?
Summary
In bluetooth driver, there is a possible out of bounds read due to improper input validation. This could lead to local information leak with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07867212; Issue ID: ALPS07867212.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 3.1 | |
| linuxfoundation | yocto | 3.3 | |
| linuxfoundation | yocto | 4.0 | |
| android | 12.0 | ||
| android | 13.0 | ||
| linux | linux_kernel | 4.19 | |
| mediatek | mt2713 | - | |
| mediatek | mt5221 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6890 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8188t | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8518s | - | |
| mediatek | mt8532 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8797 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:yocto:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B2EECB3C-723A-492D-A6D7-6A1A73EDBFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2385F2C9-3EA1-424B-AB8D-A672BF1CBE56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:4.19:-:*:*:*:*:*:*",
"matchCriteriaId": "CFDAD450-8799-4C2D-80CE-2AA45DEC35CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt5221:-:*:*:*:*:*:*:*",
"matchCriteriaId": "518D4593-D5E2-489C-92C3-343716A621E9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*",
"matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4452EFCF-5733-40A0-8726-F8E33E569411",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4675A09-0147-4690-8AA1-E3802CA1B3EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*",
"matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8518s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6069CD03-6AB1-4A06-88CF-EFBDEA84CDE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE18D5C2-0423-4CE5-86E7-69E7BB131BBF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In bluetooth driver, there is a possible out of bounds read due to improper input validation. This could lead to local information leak with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07867212; Issue ID: ALPS07867212."
},
{
"lang": "es",
"value": "En el controlador Bluetooth, existe una posible lectura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda dar lugar a una fuga de informaci\u00f3n local con privilegios de ejecuci\u00f3n del sistema necesarios. No es necesaria la interacci\u00f3n del usuario para su explotaci\u00f3n. ID del parche: ALPS07867212; ID de la incidencia: LPS07867212. "
}
],
"id": "CVE-2023-32810",
"lastModified": "2024-11-21T08:04:04.500",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-04T03:15:13.223",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
Summary
In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326409.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326409."
},
{
"lang": "es",
"value": "En imgsys, existe una posible lectura fuera de los l\u00edmites debido a una falta de comprobaci\u00f3n de rango v\u00e1lido. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n del sistema necesarios. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID del parche: ALPS07326455; ID de la incidencia: ALPS07326409. "
}
],
"id": "CVE-2023-20839",
"lastModified": "2024-11-21T07:41:39.937",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-04T03:15:10.677",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Summary
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340433.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340433."
},
{
"lang": "es",
"value": "En imgsys_cmdq, existe una posible lectura fuera de los l\u00edmites debido a la falta de comprobaci\u00f3n de rango v\u00e1lido. Esto podr\u00eda llevar a una escalada local de privilegios con necesidad de privilegios de ejecuci\u00f3n del sistema. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID del parche: ALPS07340433; ID de la incidencia: ALPS07340433."
}
],
"id": "CVE-2023-20848",
"lastModified": "2024-11-21T07:41:41.167",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.6,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-09-04T03:15:11.830",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
Summary
In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951402.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt2713 | - | |
| mediatek | mt6580 | - | |
| mediatek | mt6735 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6762 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8797 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C82E144B-0BAD-47E1-A657-3A5880988FE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951402."
},
{
"lang": "es",
"value": "En duraspeed, existe una posible divulgaci\u00f3n de informaci\u00f3n debido a la falta de comprobaci\u00f3n de permisos. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. No es necesaria la interacci\u00f3n del usuario para su explotaci\u00f3n. ID del parche: ALPS07951402; ID de la incidencia: ALPS07951402."
}
],
"id": "CVE-2023-20824",
"lastModified": "2024-11-21T07:41:37.173",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-04T03:15:08.893",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-07 04:15
Modified
2024-11-21 07:41
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326374.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326374."
}
],
"id": "CVE-2023-20803",
"lastModified": "2024-11-21T07:41:33.327",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-08-07T04:15:13.867",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 08:04
Severity ?
Summary
In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017370; Issue ID: ALPS08017370.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 2.6 | |
| android | 13.0 | ||
| openwrt | openwrt | 19.07.0 | |
| openwrt | openwrt | 21.02.0 | |
| mediatek | mt2713 | - | |
| mediatek | mt2735 | - | |
| mediatek | mt6580 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6855t | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6880 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6890 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6980 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6990 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:yocto:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "397C75CA-D217-4617-B8B1-80F74CFB04CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4FA469E2-9E63-4C9A-8EBA-10C8C870063A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F0133207-2EED-4625-854F-8DB7770D5BF7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6855t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "083F6134-FF26-4F1B-9B77-971D342AF774",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*",
"matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017370; Issue ID: ALPS08017370."
},
{
"lang": "es",
"value": "En el servicio gnss, existe una posible escritura fuera de l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n.ID de parche: ALPS08017370; ID del problema: ALPS08017370."
}
],
"id": "CVE-2023-32813",
"lastModified": "2024-11-21T08:04:05.053",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-04T03:15:13.527",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-06 04:15
Modified
2024-11-21 08:04
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262576; Issue ID: ALPS07262576.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*",
"matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262576; Issue ID: ALPS07262576."
},
{
"lang": "es",
"value": "En dpe, existe una posible escritura fuera de los l\u00edmites debido a que falta una verificaci\u00f3n de rango v\u00e1lido. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07262576; ID del problema: ALPS07262576."
}
],
"id": "CVE-2023-32839",
"lastModified": "2024-11-21T08:04:09.410",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-11-06T04:15:08.053",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/November-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/November-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Summary
In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340350.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340350."
},
{
"lang": "es",
"value": "En imgsys_cmdq, existe un posible Use After Free debido a una falta de comprobaci\u00f3n de rango v\u00e1lido. Esto podr\u00eda llevar a una escalada local de privilegios con necesidad de privilegios de ejecuci\u00f3n del sistema. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID del parche: ALPS07340433; ID de incidencia: ALPS07340350."
}
],
"id": "CVE-2023-20849",
"lastModified": "2024-11-21T07:41:41.347",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.6,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-09-04T03:15:11.983",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-07 04:15
Modified
2024-11-21 07:41
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326411.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326411."
}
],
"id": "CVE-2023-20805",
"lastModified": "2024-11-21T07:41:33.770",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-08-07T04:15:13.993",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Summary
In imgsys, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326441.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In imgsys, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326441."
},
{
"lang": "es",
"value": "En imgsys, hay una posible escritura fuera de los l\u00edmites debido a una falta de comprobaci\u00f3n de rango v\u00e1lido. Esto podr\u00eda llevar a una escalada local de privilegios con necesidad de privilegios de ejecuci\u00f3n del sistema. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID del parche: ALPS07326455; ID de la incidencia: ALPS07326441. "
}
],
"id": "CVE-2023-20841",
"lastModified": "2024-11-21T07:41:40.223",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.6,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-09-04T03:15:11.003",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Summary
In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340381.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340381."
},
{
"lang": "es",
"value": "En imgsys_cmdq, existe una posible escritura fuera de l\u00edmites debido a que falta una verificaci\u00f3n de rango v\u00e1lido. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del sistema necesarios. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS07340433; ID del problema: ALPS07340381."
}
],
"id": "CVE-2023-20850",
"lastModified": "2024-11-21T07:41:41.537",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.6,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-09-04T03:15:12.033",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937113; Issue ID: ALPS07937113.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 2.6 | |
| rdkcentral | rdk-b | 2022q3 | |
| android | 11.0 | ||
| android | 12.0 | ||
| android | 13.0 | ||
| openwrt | openwrt | 19.07.0 | |
| openwrt | openwrt | 21.02.0 | |
| mediatek | mt2713 | - | |
| mediatek | mt2735 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6875 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6880 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6890 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6980 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6990 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8675 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8797 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:yocto:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "397C75CA-D217-4617-B8B1-80F74CFB04CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*",
"matchCriteriaId": "A1488152-CC93-40DF-8D1F-BF33DC8444FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4FA469E2-9E63-4C9A-8EBA-10C8C870063A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F0133207-2EED-4625-854F-8DB7770D5BF7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*",
"matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4452EFCF-5733-40A0-8726-F8E33E569411",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*",
"matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03E6123A-7603-4EAB-AFFB-229E8A040709",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937113; Issue ID: ALPS07937113."
},
{
"lang": "es",
"value": "En nvram, existe una posible escritura fuera de l\u00edmites debido a una inexistente comprobaci\u00f3n de l\u00edmites. Esto podr\u00eda llevar a una escalada local de privilegios con necesidad de privilegios de ejecuci\u00f3n del sistema. No es necesaria la interacci\u00f3n del usuario para la explotaci\u00f3n. ID del parche: ALPS07937113; ID de la incidencia: ALPS07937113."
}
],
"id": "CVE-2023-20821",
"lastModified": "2024-11-21T07:41:36.663",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-09-04T03:15:08.480",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-02 03:15
Modified
2024-11-21 08:04
Severity ?
Summary
In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08282249; Issue ID: ALPS08282249.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt2713 | - | |
| mediatek | mt6580 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6762 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6769 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6875 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8390 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4452EFCF-5733-40A0-8726-F8E33E569411",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*",
"matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B774B7D7-B7DD-43A0-833F-7E39DF82CA60",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*",
"matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08282249; Issue ID: ALPS08282249."
},
{
"lang": "es",
"value": "En Engineer Mode, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08282249; ID del problema: ALPS08282249."
}
],
"id": "CVE-2023-32883",
"lastModified": "2024-11-21T08:04:15.983",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-02T03:15:08.260",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/January-2024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/January-2024"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Summary
In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354259; Issue ID: ALPS07340477.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In imgsys_cmdq, there is a possible out of bounds write due to a missing\u00a0valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354259; Issue ID: ALPS07340477."
},
{
"lang": "es",
"value": "En imgsys_cmdq, existe una posible escritura fuera de l\u00edmites debido a que falta una verificaci\u00f3n de rango v\u00e1lido. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del sistema necesarios. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS07354259; ID del problema: ALPS07340477."
}
],
"id": "CVE-2023-20842",
"lastModified": "2024-11-21T07:41:40.410",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.6,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-09-04T03:15:11.163",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 08:04
Severity ?
Summary
In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849753; Issue ID: ALPS07849753.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 13.0 | ||
| mediatek | mt2713 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8781wifi | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8791wifi | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8797wifi | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8781wifi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC1B2D4B-C7C3-420C-9361-6C056B4BCA9E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8791wifi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "720F4AA0-6AAE-465F-8F50-F11DD11B5FA3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8797wifi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BD3FB61-EA42-4D3D-9867-7EBCD0B8F647",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849753; Issue ID: ALPS07849753."
},
{
"lang": "es",
"value": "En bluetooth driver, existe un posible acceso de lectura y escritura a los registros debido a un control de acceso inadecuado de la interfaz de registro. Esto podr\u00eda provocar una fuga local de informaci\u00f3n confidencial que requiera privilegios de ejecuci\u00f3n del sistema. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07849753; ID del problema: ALPS07849753."
}
],
"id": "CVE-2023-32809",
"lastModified": "2024-11-21T08:04:04.380",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-04T03:15:13.023",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014156.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 2.6 | |
| rdkcentral | rdk-b | 2022q3 | |
| android | 12.0 | ||
| android | 13.0 | ||
| openwrt | openwrt | 19.07.0 | |
| openwrt | openwrt | 21.02.0 | |
| mediatek | mt2713 | - | |
| mediatek | mt2735 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6762 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6769 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6875 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6880 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6890 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6980 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6990 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8781 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:yocto:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "397C75CA-D217-4617-B8B1-80F74CFB04CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*",
"matchCriteriaId": "A1488152-CC93-40DF-8D1F-BF33DC8444FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4FA469E2-9E63-4C9A-8EBA-10C8C870063A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F0133207-2EED-4625-854F-8DB7770D5BF7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*",
"matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4452EFCF-5733-40A0-8726-F8E33E569411",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014156."
},
{
"lang": "es",
"value": "En gps, existe una posible escritura fuera de los l\u00edmites debido a una falta de verificaci\u00f3n de los l\u00edmites. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n.ID de parche: ALPS08014144; ID del problema: ALPS08014156."
}
],
"id": "CVE-2023-20830",
"lastModified": "2024-11-21T07:41:38.323",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-09-04T03:15:09.650",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-07 04:15
Modified
2024-11-21 07:41
Severity ?
Summary
In hcp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07537437.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In hcp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07537437."
}
],
"id": "CVE-2023-20806",
"lastModified": "2024-11-21T07:41:33.973",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-07T04:15:14.060",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-07 04:15
Modified
2024-11-21 07:41
Severity ?
Summary
In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07740194; Issue ID: ALPS07740194.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 2.6 | |
| linuxfoundation | yocto | 3.3 | |
| rdkcentral | rdk-b | 2022q3 | |
| android | 12.0 | ||
| android | 13.0 | ||
| openwrt | openwrt | 19.07.0 | |
| openwrt | openwrt | 21.02.0 | |
| mediatek | mt2713 | - | |
| mediatek | mt2735 | - | |
| mediatek | mt2737 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6762 | - | |
| mediatek | mt6763 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6769 | - | |
| mediatek | mt6771 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6875 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6880 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6890 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6980 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6990 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8675 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8797 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:yocto:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "397C75CA-D217-4617-B8B1-80F74CFB04CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2385F2C9-3EA1-424B-AB8D-A672BF1CBE56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*",
"matchCriteriaId": "A1488152-CC93-40DF-8D1F-BF33DC8444FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4FA469E2-9E63-4C9A-8EBA-10C8C870063A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F0133207-2EED-4625-854F-8DB7770D5BF7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt2737:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C2A1118-B5F7-4EF5-B329-0887B5F3430E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F19C76A-50DF-4ACA-BACA-07157B4D838B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4D2AED-C713-407F-A34A-52C3D8F65835",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*",
"matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4452EFCF-5733-40A0-8726-F8E33E569411",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*",
"matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03E6123A-7603-4EAB-AFFB-229E8A040709",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07740194; Issue ID: ALPS07740194."
}
],
"id": "CVE-2023-20790",
"lastModified": "2024-11-21T07:41:32.050",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-07T04:15:13.263",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 08:04
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In connectivity system driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929848; Issue ID: ALPS07929848.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 4.0 | |
| mediatek | iot_yocto | 23.0 | |
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt2713 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In connectivity system driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929848; Issue ID: ALPS07929848."
},
{
"lang": "es",
"value": "En connectivity system driver, existe una posible escritura fuera de l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07929848; ID del problema: ALPS07929848."
}
],
"id": "CVE-2023-32811",
"lastModified": "2024-11-21T08:04:04.623",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-09-04T03:15:13.387",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 08:04
Severity ?
Summary
In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044035.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 13.0 | ||
| mediatek | mt2713 | - | |
| mediatek | mt6580 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6855t | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6855t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "083F6134-FF26-4F1B-9B77-971D342AF774",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044035."
},
{
"lang": "es",
"value": "En el servicio gnss, existe una posible lectura fuera de l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n del sistema necesarios. No es necesaria la interacci\u00f3n del usuario para su explotaci\u00f3n. ID del parche: ALPS08044040; ID de la incidencia: ALPS08044035."
}
],
"id": "CVE-2023-32817",
"lastModified": "2024-11-21T08:04:05.610",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-04T03:15:14.277",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-06 04:15
Modified
2024-11-21 08:04
Severity ?
Summary
In bluethooth service, there is a possible out of bounds reads due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07884130; Issue ID: ALPS07884130.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 13.0 | ||
| mediatek | mt2713 | - | |
| mediatek | mt6580 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt7921 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8390 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt7921:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32AFEA0A-FFE2-4EA9-8B51-7E3E75DE65CC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B774B7D7-B7DD-43A0-833F-7E39DF82CA60",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*",
"matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In bluethooth service, there is a possible out of bounds reads due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07884130; Issue ID: ALPS07884130."
},
{
"lang": "es",
"value": "En el servicio Bluetooth, existe una posible lectura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07884130; ID del problema: ALPS07884130."
}
],
"id": "CVE-2023-32825",
"lastModified": "2024-11-21T08:04:07.203",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-06T04:15:07.757",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/November-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/November-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}