Vulnerabilites related to mediatek - mt8195
Vulnerability from fkie_nvd
Published
2023-06-06 13:15
Modified
2025-01-07 19:15
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In keymange, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07825502; Issue ID: ALPS07825502.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In keymange, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07825502; Issue ID: ALPS07825502.", }, ], id: "CVE-2023-20751", lastModified: "2025-01-07T19:15:29.790", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-06-06T13:15:15.433", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
Summary
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354023; Issue ID: ALPS07340098.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", matchCriteriaId: "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*", matchCriteriaId: "DE093B34-F4CD-4052-8122-730D6537A91A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", matchCriteriaId: "2A7D8055-F4B6-41EE-A078-11D56285AB66", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354023; Issue ID: ALPS07340098.", }, { lang: "es", value: "En imgsys_cmdq, existe una posible lectura fuera de los límites debido a la falta de comprobación de rango válido. Esto podría conducir a la divulgación de información local con privilegios de ejecución del sistema necesarios. Se necesita la interacción del usuario para su explotación. ID del parche: ALPS07354023; ID de la incidencia: ALPS07340098.", }, ], id: "CVE-2023-20846", lastModified: "2024-11-21T07:41:40.960", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.6, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-04T03:15:11.637", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-03-03 03:15
Modified
2025-04-22 13:44
Severity ?
Summary
In V5 DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291215; Issue ID: MSV-2052.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@mediatek.com | https://corp.mediatek.com/product-security-bulletin/March-2025 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 13.0 | ||
| android | 14.0 | ||
| android | 15.0 | ||
| mediatek | mt6580 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6771 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8675 | - | |
| mediatek | mt8678 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8771 | - | |
| mediatek | mt8775 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8795t | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - | |
| mediatek | mt8893 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", matchCriteriaId: "8538774C-906D-4B03-A3E7-FA7A55E0DA9E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", matchCriteriaId: "03E6123A-7603-4EAB-AFFB-229E8A040709", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", matchCriteriaId: "152A5F3D-8004-4649-BDB1-E6F0798AF1CB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8771:-:*:*:*:*:*:*:*", matchCriteriaId: "0D09F23D-D023-4A60-B426-61251FDD8A5A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*", matchCriteriaId: "DE5FB550-7264-4879-BAF9-6798949113AF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*", matchCriteriaId: "78D4E9E1-B044-41EC-BE98-22DC0E5E9010", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8893:-:*:*:*:*:*:*:*", matchCriteriaId: "CCFAADB1-C2B2-47A6-BB66-761B964E7DFB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In V5 DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291215; Issue ID: MSV-2052.", }, { lang: "es", value: "En V5 DA, existe una posible lectura fuera de los límites debido a una verificación de los límites faltante. Esto podría provocar la divulgación de información local, si un atacante tiene acceso físico al dispositivo, sin necesidad de privilegios de ejecución adicionales. Se necesita la interacción del usuario para la explotación. ID de parche: ALPS09291215; ID de problema: MSV-2052.", }, ], id: "CVE-2025-20652", lastModified: "2025-04-22T13:44:46.517", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-03-03T03:15:10.060", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/March-2025", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "security@mediatek.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-06 13:15
Modified
2025-01-07 19:15
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In swpm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780926; Issue ID: ALPS07780926.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 13.0 | ||
| mediatek | mt6789 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8797 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In swpm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780926; Issue ID: ALPS07780926.", }, ], id: "CVE-2023-20749", lastModified: "2025-01-07T19:15:29.377", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-06-06T13:15:15.023", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-15 22:15
Modified
2025-01-24 15:15
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In pqframework, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629586; Issue ID: ALPS07629586.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In pqframework, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629586; Issue ID: ALPS07629586.", }, ], id: "CVE-2023-20720", lastModified: "2025-01-24T15:15:09.510", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-05-15T22:15:11.313", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-15 22:15
Modified
2025-01-24 20:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767860; Issue ID: ALPS07767860.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", matchCriteriaId: "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767860; Issue ID: ALPS07767860.", }, ], id: "CVE-2023-20706", lastModified: "2025-01-24T20:15:27.920", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-05-15T22:15:10.947", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-02 03:15
Modified
2024-11-21 08:04
Severity ?
Summary
In display, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705; Issue ID: ALPS08014138.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In display, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705; Issue ID: ALPS08014138.", }, { lang: "es", value: "En el display, hay una posible divulgación de información debido a una ausencia de la verificación de los límites. Esto podría conducir a la divulgación de información local con privilegios de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS07993705; ID del problema: ALPS08014138.", }, ], id: "CVE-2023-32819", lastModified: "2024-11-21T08:04:05.970", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-02T03:15:09.777", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/October-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/October-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-01 03:15
Modified
2025-04-23 13:48
Severity ?
Summary
In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08360153 (for MT6XXX chipsets) / WCNCR00363530 (for MT79XX chipsets); Issue ID: MSV-979.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*", matchCriteriaId: "2385F2C9-3EA1-424B-AB8D-A672BF1CBE56", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*", matchCriteriaId: "A1488152-CC93-40DF-8D1F-BF33DC8444FF", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:4.19:-:*:*:*:*:*:*", matchCriteriaId: "CFDAD450-8799-4C2D-80CE-2AA45DEC35CE", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", matchCriteriaId: "4FA469E2-9E63-4C9A-8EBA-10C8C870063A", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", matchCriteriaId: "F0133207-2EED-4625-854F-8DB7770D5BF7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", matchCriteriaId: "C445EB80-6021-4E26-B74E-1B4B6910CE48", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", matchCriteriaId: "171D1C08-F055-44C0-913C-AA2B73AF5B72", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7DE6B2-66D9-4A3E-B15F-D56505559255", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", matchCriteriaId: "1A76806D-A4E3-466A-90CB-E9FFE478E7A0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7902:-:*:*:*:*:*:*:*", matchCriteriaId: "91DEA745-47A8-43F1-A1B2-F53F651A99EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7915:-:*:*:*:*:*:*:*", matchCriteriaId: "3AB22996-9C22-4B6C-9E94-E4C055D16335", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7916:-:*:*:*:*:*:*:*", matchCriteriaId: "DD5AA441-5381-4179-89EB-1642120F72B4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7920:-:*:*:*:*:*:*:*", matchCriteriaId: "140DAC08-96E9-47D3-BC2E-65E999DCFD50", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7921:-:*:*:*:*:*:*:*", matchCriteriaId: "32AFEA0A-FFE2-4EA9-8B51-7E3E75DE65CC", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7922:-:*:*:*:*:*:*:*", matchCriteriaId: "EA2A6813-7138-441E-A9E4-FF62FCBD797A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7925:-:*:*:*:*:*:*:*", matchCriteriaId: "27CFC9DF-2F4C-469A-8A19-A260B1134CFE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7927:-:*:*:*:*:*:*:*", matchCriteriaId: "05525018-AFE0-415C-A71C-A77922C7D637", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7981:-:*:*:*:*:*:*:*", matchCriteriaId: "490CD97B-021F-4350-AEE7-A2FA866D5889", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7986:-:*:*:*:*:*:*:*", matchCriteriaId: "40A9E917-4B34-403F-B512-09EEBEA46811", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2B6BB9-7544-41A7-BF3A-344AA4CC4B31", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", matchCriteriaId: "B774B7D7-B7DD-43A0-833F-7E39DF82CA60", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8518s:-:*:*:*:*:*:*:*", matchCriteriaId: "6069CD03-6AB1-4A06-88CF-EFBDEA84CDE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:*", matchCriteriaId: "EE18D5C2-0423-4CE5-86E7-69E7BB131BBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", matchCriteriaId: "152A5F3D-8004-4649-BDB1-E6F0798AF1CB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8792:-:*:*:*:*:*:*:*", matchCriteriaId: "336FC69E-E89F-4642-B6B9-8009D9A2BD52", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*", matchCriteriaId: "DE933AD9-3A6F-421B-8AB3-C45F8DEA9548", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08360153 (for MT6XXX chipsets) / WCNCR00363530 (for MT79XX chipsets); Issue ID: MSV-979.", }, { lang: "es", value: "En el firmware WLAN, existe una posible escritura fuera de los límites debido a una validación de entrada incorrecta. Esto podría conducir a una escalada remota de privilegios sin necesidad de privilegios de ejecución adicionales. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS08360153 (para conjuntos de chips MT6XXX) / WCNCR00363530 (para conjuntos de chips MT79XX); ID del problema: MSV-979.", }, ], id: "CVE-2024-20040", lastModified: "2025-04-23T13:48:30.197", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-04-01T03:15:07.847", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-18 15:15
Modified
2024-11-21 05:43
Severity ?
Summary
In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05687559; Issue ID: ALPS05687559.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05687559; Issue ID: ALPS05687559.", }, { lang: "es", value: "En apusys, se presenta una posible lectura fuera de límites debido a una comprobación de límites incorrecta. Esto podría conllevar a una divulgación de información local con privilegios de ejecución System requeridos. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05687559; ID del Problema: ALPS05687559.", }, ], id: "CVE-2021-0659", lastModified: "2024-11-21T05:43:05.870", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-18T15:15:08.717", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-02 03:15
Modified
2024-11-21 08:04
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In vpu, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767817; Issue ID: ALPS07767817.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mediatek | iot_yocto | 23.0 | |
| android | 12.0 | ||
| mediatek | mt6771 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8183 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8390 | - | |
| mediatek | mt8395 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", matchCriteriaId: "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", matchCriteriaId: "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", matchCriteriaId: "B774B7D7-B7DD-43A0-833F-7E39DF82CA60", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In vpu, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767817; Issue ID: ALPS07767817.", }, { lang: "es", value: "En vpu, existe una posible escritura fuera de límites debido a un desbordamiento de enteros. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS07767817; ID del problema: ALPS07767817.", }, ], id: "CVE-2023-32828", lastModified: "2024-11-21T08:04:07.790", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-10-02T03:15:10.137", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/October-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/October-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-190", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
Summary
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local denial of service with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354025; Issue ID: ALPS07340108.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", matchCriteriaId: "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*", matchCriteriaId: "DE093B34-F4CD-4052-8122-730D6537A91A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", matchCriteriaId: "2A7D8055-F4B6-41EE-A078-11D56285AB66", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local denial of service with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354025; Issue ID: ALPS07340108.", }, { lang: "es", value: "En imgsys_cmdq, existe una posible lectura fuera de los límites debido a la falta de comprobación de rango válido. Esto podría conducir a una denegación de servicio local con privilegios de ejecución del sistema necesarios. Se necesita la interacción del usuario para su explotación. ID del parche: ALPS07354025; ID de la incidencia: ALPS07340108. ", }, ], id: "CVE-2023-20847", lastModified: "2024-11-21T07:41:41.063", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 0.6, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-04T03:15:11.717", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-07 04:15
Modified
2024-11-21 07:41
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326374.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326374.", }, ], id: "CVE-2023-20803", lastModified: "2024-11-21T07:41:33.327", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.6, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-08-07T04:15:13.867", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-02-03 04:15
Modified
2025-02-04 15:20
Severity ?
6.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.2 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
6.2 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Summary
In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2057.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@mediatek.com | https://corp.mediatek.com/product-security-bulletin/February-2025 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| android | 14.0 | ||
| android | 15.0 | ||
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6771 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8675 | - | |
| mediatek | mt8678 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8771 | - | |
| mediatek | mt8775 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8795t | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - | |
| mediatek | mt8893 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", matchCriteriaId: "8538774C-906D-4B03-A3E7-FA7A55E0DA9E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", matchCriteriaId: "03E6123A-7603-4EAB-AFFB-229E8A040709", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", matchCriteriaId: "152A5F3D-8004-4649-BDB1-E6F0798AF1CB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8771:-:*:*:*:*:*:*:*", matchCriteriaId: "0D09F23D-D023-4A60-B426-61251FDD8A5A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*", matchCriteriaId: "DE5FB550-7264-4879-BAF9-6798949113AF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*", matchCriteriaId: "78D4E9E1-B044-41EC-BE98-22DC0E5E9010", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8893:-:*:*:*:*:*:*:*", matchCriteriaId: "CCFAADB1-C2B2-47A6-BB66-761B964E7DFB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2057.", }, { lang: "es", value: "En DA, existe una posible escritura fuera de los límites debido a un neutra. Esto podría provocar una escalada local de privilegios, si un atacante tiene acceso físico al dispositivo, sin necesidad de privilegios de ejecución adicionales. Se necesita la interacción del usuario para la explotación. ID de parche: ALPS09291146; ID de problema: MSV-2057.", }, ], id: "CVE-2025-20642", lastModified: "2025-02-04T15:20:21.300", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.7, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "LOW", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", version: "3.1", }, exploitabilityScore: 0.7, impactScore: 5.5, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-02-03T04:15:09.333", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/February-2025", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "security@mediatek.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
Summary
In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326409.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", matchCriteriaId: "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*", matchCriteriaId: "DE093B34-F4CD-4052-8122-730D6537A91A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", matchCriteriaId: "2A7D8055-F4B6-41EE-A078-11D56285AB66", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326409.", }, { lang: "es", value: "En imgsys, existe una posible lectura fuera de los límites debido a una falta de comprobación de rango válido. Esto podría conducir a la divulgación de información local con privilegios de ejecución del sistema necesarios. Se necesita la interacción del usuario para la explotación. ID del parche: ALPS07326455; ID de la incidencia: ALPS07326409. ", }, ], id: "CVE-2023-20839", lastModified: "2024-11-21T07:41:39.937", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.6, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-04T03:15:10.677", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-03-04 03:15
Modified
2025-04-22 20:23
Severity ?
Summary
In pq, there is a possible write-what-where condition due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495937; Issue ID: ALPS08495937.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| android | 14.0 | ||
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6897 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6989 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8675 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", matchCriteriaId: "2A7D8055-F4B6-41EE-A078-11D56285AB66", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7DE6B2-66D9-4A3E-B15F-D56505559255", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", matchCriteriaId: "03E6123A-7603-4EAB-AFFB-229E8A040709", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In pq, there is a possible write-what-where condition due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495937; Issue ID: ALPS08495937.", }, { lang: "es", value: "En pq, existe una posible condición de escritura en qué y dónde debido a una verificación de los límites incorrecta. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS08495937; ID del problema: ALPS08495937.", }, ], id: "CVE-2024-20037", lastModified: "2025-04-22T20:23:37.533", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-03-04T03:15:07.760", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/March-2024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/March-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-754", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-06 13:15
Modified
2025-01-08 15:15
Severity ?
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573495; Issue ID: ALPS07573495.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 3.1 | |
| linuxfoundation | yocto | 3.3 | |
| linuxfoundation | yocto | 4.0 | |
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt6761 | - | |
| mediatek | mt6762 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6769 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6875 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt7663 | - | |
| mediatek | mt7668 | - | |
| mediatek | mt7902 | - | |
| mediatek | mt7921 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8518 | - | |
| mediatek | mt8532 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8695 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8788 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:3.1:*:*:*:*:*:*:*", matchCriteriaId: "B2EECB3C-723A-492D-A6D7-6A1A73EDBFDF", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*", matchCriteriaId: "2385F2C9-3EA1-424B-AB8D-A672BF1CBE56", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", matchCriteriaId: "C445EB80-6021-4E26-B74E-1B4B6910CE48", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", matchCriteriaId: "D23991D5-1893-49F4-8A06-D5E66C96C3B3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7663:-:*:*:*:*:*:*:*", matchCriteriaId: "10C79211-F064-499D-914E-0BACD038FBF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7668:-:*:*:*:*:*:*:*", matchCriteriaId: "8E400AB9-B82A-4449-8789-35112940270F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7902:-:*:*:*:*:*:*:*", matchCriteriaId: "91DEA745-47A8-43F1-A1B2-F53F651A99EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7921:-:*:*:*:*:*:*:*", matchCriteriaId: "32AFEA0A-FFE2-4EA9-8B51-7E3E75DE65CC", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8518:-:*:*:*:*:*:*:*", matchCriteriaId: "EE5E73E0-EF8D-4659-B447-66474BC05708", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:*", matchCriteriaId: "EE18D5C2-0423-4CE5-86E7-69E7BB131BBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8695:-:*:*:*:*:*:*:*", matchCriteriaId: "B5126E05-25DC-4EF7-8DDE-BBA38A7547FB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573495; Issue ID: ALPS07573495.", }, ], id: "CVE-2023-20731", lastModified: "2025-01-08T15:15:10.950", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-06-06T13:15:12.413", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-04 04:15
Modified
2024-11-21 08:04
Severity ?
Summary
In mmp, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07342152; Issue ID: ALPS07342152.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 11.0 | ||
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8781 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In mmp, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07342152; Issue ID: ALPS07342152.", }, { lang: "es", value: "En mmp, existe una posible corrupción de la memoria debido a una verificación de los límites incorrecta. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS07342152; ID del problema: ALPS07342152.", }, ], id: "CVE-2023-32866", lastModified: "2024-11-21T08:04:13.787", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-04T04:15:08.577", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
Summary
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354058; Issue ID: ALPS07340121.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", matchCriteriaId: "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*", matchCriteriaId: "DE093B34-F4CD-4052-8122-730D6537A91A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", matchCriteriaId: "2A7D8055-F4B6-41EE-A078-11D56285AB66", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354058; Issue ID: ALPS07340121.", }, { lang: "es", value: "En imgsys_cmdq, existe una posible lectura fuera de los límites debido a la falta de comprobación de rango válido. Esto podría conducir a la divulgación de información local con privilegios de ejecución del sistema necesarios. Se necesita la interacción del usuario para su explotación. ID del parche: ALPS07354058; ID de la incidencia: ALPS07340121.", }, ], id: "CVE-2023-20844", lastModified: "2024-11-21T07:41:40.710", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.6, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-04T03:15:11.443", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-06 13:15
Modified
2025-01-07 21:15
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In vcu, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519200.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | iot-yocto | 22.2 | |
| linuxfoundation | yocto | 4.0 | |
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt6789 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8797 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:iot-yocto:22.2:*:*:*:*:*:*:*", matchCriteriaId: "B20DD930-83A1-4715-AD51-458ECA2578D8", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In vcu, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519200.", }, ], id: "CVE-2023-20744", lastModified: "2025-01-07T21:15:11.247", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-06-06T13:15:14.370", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-416", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-06 13:15
Modified
2025-01-07 20:15
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07560694.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | iot-yocto | 22.2 | |
| linuxfoundation | yocto | 4.0 | |
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt6789 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8797 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:iot-yocto:22.2:*:*:*:*:*:*:*", matchCriteriaId: "B20DD930-83A1-4715-AD51-458ECA2578D8", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07560694.", }, ], id: "CVE-2023-20745", lastModified: "2025-01-07T20:15:28.547", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-06-06T13:15:14.563", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-667", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-667", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08013530.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 2.6 | |
| rdkcentral | rdk-b | 2022q3 | |
| android | 12.0 | ||
| android | 13.0 | ||
| openwrt | openwrt | 19.07.0 | |
| openwrt | openwrt | 21.02.0 | |
| mediatek | mt2735 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6762 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6769 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6875 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6880 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6890 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6980 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6990 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:2.6:*:*:*:*:*:*:*", matchCriteriaId: "397C75CA-D217-4617-B8B1-80F74CFB04CE", vulnerable: true, }, { criteria: "cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*", matchCriteriaId: "A1488152-CC93-40DF-8D1F-BF33DC8444FF", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", matchCriteriaId: "4FA469E2-9E63-4C9A-8EBA-10C8C870063A", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", matchCriteriaId: "F0133207-2EED-4625-854F-8DB7770D5BF7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", matchCriteriaId: "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", matchCriteriaId: "C445EB80-6021-4E26-B74E-1B4B6910CE48", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", matchCriteriaId: "D23991D5-1893-49F4-8A06-D5E66C96C3B3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", matchCriteriaId: "68CF4A7A-3136-4C4C-A795-81323896BE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", matchCriteriaId: "171D1C08-F055-44C0-913C-AA2B73AF5B72", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", matchCriteriaId: "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", matchCriteriaId: "1A76806D-A4E3-466A-90CB-E9FFE478E7A0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08013530.", }, { lang: "es", value: "En gps, existe una posible escritura fuera de los límites debido a una falta de verificación de los límites. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS08014144; ID del problema: ALPS08013530.", }, ], id: "CVE-2023-20832", lastModified: "2024-11-21T07:41:38.733", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-09-04T03:15:09.873", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014162.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 2.6 | |
| rdkcentral | rdk-b | 2022q3 | |
| android | 12.0 | ||
| android | 13.0 | ||
| openwrt | openwrt | 19.07.0 | |
| openwrt | openwrt | 21.02.0 | |
| mediatek | mt2735 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6762 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6769 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6875 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6880 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6890 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6980 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6990 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:2.6:*:*:*:*:*:*:*", matchCriteriaId: "397C75CA-D217-4617-B8B1-80F74CFB04CE", vulnerable: true, }, { criteria: "cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*", matchCriteriaId: "A1488152-CC93-40DF-8D1F-BF33DC8444FF", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", matchCriteriaId: "4FA469E2-9E63-4C9A-8EBA-10C8C870063A", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", matchCriteriaId: "F0133207-2EED-4625-854F-8DB7770D5BF7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", matchCriteriaId: "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", matchCriteriaId: "C445EB80-6021-4E26-B74E-1B4B6910CE48", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", matchCriteriaId: "D23991D5-1893-49F4-8A06-D5E66C96C3B3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", matchCriteriaId: "68CF4A7A-3136-4C4C-A795-81323896BE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", matchCriteriaId: "171D1C08-F055-44C0-913C-AA2B73AF5B72", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", matchCriteriaId: "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", matchCriteriaId: "1A76806D-A4E3-466A-90CB-E9FFE478E7A0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014162.", }, { lang: "es", value: "En gps, existe una posible escritura fuera de límites debido a una comprobación de límites omitida. Esto podría llevar a una escalada local de privilegios con necesidad de privilegios de ejecución del sistema. No es necesaria la interacción del usuario para su explotación. ID del parche: ALPS08014144; ID de la incidencia: ALPS08014162. ", }, ], id: "CVE-2023-20831", lastModified: "2024-11-21T07:41:38.537", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-09-04T03:15:09.770", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 08:04
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local esclation of privileges with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017365; Issue ID: ALPS08017365.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 2.6 | |
| android | 13.0 | ||
| openwrt | openwrt | 19.07.0 | |
| openwrt | openwrt | 21.02.0 | |
| mediatek | mt2713 | - | |
| mediatek | mt2735 | - | |
| mediatek | mt6580 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6855t | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6880 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6890 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6980 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6990 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8365 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:2.6:*:*:*:*:*:*:*", matchCriteriaId: "397C75CA-D217-4617-B8B1-80F74CFB04CE", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", matchCriteriaId: "4FA469E2-9E63-4C9A-8EBA-10C8C870063A", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", matchCriteriaId: "F0133207-2EED-4625-854F-8DB7770D5BF7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", matchCriteriaId: "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855t:-:*:*:*:*:*:*:*", matchCriteriaId: "083F6134-FF26-4F1B-9B77-971D342AF774", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", matchCriteriaId: "68CF4A7A-3136-4C4C-A795-81323896BE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", matchCriteriaId: "171D1C08-F055-44C0-913C-AA2B73AF5B72", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", matchCriteriaId: "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", matchCriteriaId: "1A76806D-A4E3-466A-90CB-E9FFE478E7A0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local esclation of privileges with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017365; Issue ID: ALPS08017365.", }, { lang: "es", value: "En el servicio gnss, existe una posible escritura fuera de límites debido a una validación de entrada incorrecta. Esto podría conducir a una escalada local de privilegios con necesidad de privilegios de ejecución del sistema. No es necesaria la interacción del usuario para la explotación. ID del parche: ALPS08017365; ID de la incidencia: ALPS08017365. ", }, ], id: "CVE-2023-32812", lastModified: "2024-11-21T08:04:04.843", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-09-04T03:15:13.440", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-18 15:15
Modified
2024-11-21 05:43
Severity ?
Summary
In asf extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561388.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt5522:-:*:*:*:*:*:*:*", matchCriteriaId: "1C38B265-3EE8-417C-9D59-6182939ED27E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt5527:-:*:*:*:*:*:*:*", matchCriteriaId: "69C04171-DB18-40D7-AFC5-04A869942396", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt5597:-:*:*:*:*:*:*:*", matchCriteriaId: "FC084C16-6693-4FEA-9BDD-B633EAA3E432", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt5598:-:*:*:*:*:*:*:*", matchCriteriaId: "455B256C-83C8-406F-B28F-A4205E7C094E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt5599:-:*:*:*:*:*:*:*", matchCriteriaId: "A4FF926A-2D26-4666-ACA4-474A89243566", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*", matchCriteriaId: "C82E144B-0BAD-47E1-A657-3A5880988FE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*", matchCriteriaId: "4E76B29F-007E-4445-B3F3-3FDC054FEB84", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6750s:-:*:*:*:*:*:*:*", matchCriteriaId: "12A1CB8F-3C1C-4374-8D46-23175D1174DE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*", matchCriteriaId: "7362AED0-47F2-4D48-A292-89F717F0697E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6755s:-:*:*:*:*:*:*:*", matchCriteriaId: "7038AEA0-5BBE-44C9-92DE-96BDE3EEE45B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*", matchCriteriaId: "B4C27948-65A7-4B1E-9F10-6744D176A5C3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757c:-:*:*:*:*:*:*:*", matchCriteriaId: "D808EF4D-0A54-4324-8341-240F7AFABC40", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757cd:-:*:*:*:*:*:*:*", matchCriteriaId: "64EDB89E-8140-4202-97B3-9D7337E90FDE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757ch:-:*:*:*:*:*:*:*", matchCriteriaId: "D2C5CC4F-DA66-4980-A4BB-693987431A38", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", matchCriteriaId: "C445EB80-6021-4E26-B74E-1B4B6910CE48", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", matchCriteriaId: "2F19C76A-50DF-4ACA-BACA-07157B4D838B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8163:-:*:*:*:*:*:*:*", matchCriteriaId: "1D2ED140-C41B-418B-9DC7-8C486304E769", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", matchCriteriaId: "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9256:-:*:*:*:*:*:*:*", matchCriteriaId: "FAC84405-17EE-4C25-8477-317F2A6A095F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9285:-:*:*:*:*:*:*:*", matchCriteriaId: "7A7E7D3C-436A-4068-99F1-AFEB34989F69", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9286:-:*:*:*:*:*:*:*", matchCriteriaId: "4CEEB709-8C7B-48AF-B359-9CE9C68790D5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9288:-:*:*:*:*:*:*:*", matchCriteriaId: "6081A92B-4361-462A-9F7F-570AC7256CDB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9629:-:*:*:*:*:*:*:*", matchCriteriaId: "47E5EE7B-1208-4007-AF87-6DC309FFE312", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9631:-:*:*:*:*:*:*:*", matchCriteriaId: "CA834B63-F689-48BA-84E6-500351990BFD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9632:-:*:*:*:*:*:*:*", matchCriteriaId: "EF1B3B37-22C4-42F4-8264-07512619D706", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9636:-:*:*:*:*:*:*:*", matchCriteriaId: "11B89606-5FD7-4513-984A-16217D37BF4B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9638:-:*:*:*:*:*:*:*", matchCriteriaId: "76F4FC23-534B-449A-8344-1F13AE9C8C57", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9639:-:*:*:*:*:*:*:*", matchCriteriaId: "392C9A58-EAB1-44B5-B189-98C68CC23199", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9650:-:*:*:*:*:*:*:*", matchCriteriaId: "2D0EF507-52A0-45D1-AC26-97F765E691FC", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9652:-:*:*:*:*:*:*:*", matchCriteriaId: "C826242C-440E-4D85-841E-570E9C69777C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9669:-:*:*:*:*:*:*:*", matchCriteriaId: "8531FD76-C0C1-45FE-8FDC-26402FF8BFA5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9670:-:*:*:*:*:*:*:*", matchCriteriaId: "FC3E19E5-4DD7-4ECB-A7AE-F501A152078E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9675:-:*:*:*:*:*:*:*", matchCriteriaId: "046B7E06-8C40-4D37-8D10-4816E51CA143", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9685:-:*:*:*:*:*:*:*", matchCriteriaId: "CFD9AD54-9F0F-414B-8936-3A981657D6AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9686:-:*:*:*:*:*:*:*", matchCriteriaId: "4B429106-36BE-42F2-8D05-FB9EF00BDFBA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9688:-:*:*:*:*:*:*:*", matchCriteriaId: "F7D78E76-6A3B-4736-B7E7-C9032CDA845B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9931:-:*:*:*:*:*:*:*", matchCriteriaId: "DDB4C96A-A50F-4194-BE9C-BF2DFD3DEB3B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9950:-:*:*:*:*:*:*:*", matchCriteriaId: "31E0E580-A76F-4CFA-BFF2-0F7540C63C3C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9970:-:*:*:*:*:*:*:*", matchCriteriaId: "961C13C3-2C3D-46B1-A618-D45920EC5E95", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9980:-:*:*:*:*:*:*:*", matchCriteriaId: "16B4C37E-B6CA-4176-B98D-E1C9E66472EA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9981:-:*:*:*:*:*:*:*", matchCriteriaId: "62282860-5EAF-45EA-B36E-6B6F124C3096", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In asf extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561388.", }, { lang: "es", value: "En asf extractor, se presenta una posible lectura fuera de límites debido a un desbordamiento del búfer de la pila. Esto podría conllevar a una divulgación de información local sin ser necesarios privilegios de ejecución adicionales. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05489178; ID del Problema: ALPS05561388.", }, ], id: "CVE-2021-0622", lastModified: "2024-11-21T05:43:02.173", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-18T15:15:08.230", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-01 03:15
Modified
2025-04-23 13:48
Severity ?
Summary
In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541784; Issue ID: ALPS08541784.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| android | 14.0 | ||
| mediatek | mt6739 | - | |
| mediatek | mt6757 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6763 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6771 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8678 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8796 | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*", matchCriteriaId: "B4C27948-65A7-4B1E-9F10-6744D176A5C3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", matchCriteriaId: "2F19C76A-50DF-4ACA-BACA-07157B4D838B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", matchCriteriaId: "152A5F3D-8004-4649-BDB1-E6F0798AF1CB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*", matchCriteriaId: "DE933AD9-3A6F-421B-8AB3-C45F8DEA9548", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541784; Issue ID: ALPS08541784.", }, { lang: "es", value: "En da, existe una posible escritura fuera de los límites debido a una verificación de los límites faltantes. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS08541784; ID del problema: ALPS08541784.", }, ], id: "CVE-2024-20044", lastModified: "2025-04-23T13:48:08.500", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.7, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-04-01T03:15:08.053", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-07 04:15
Modified
2024-11-21 07:41
Severity ?
Summary
In imgsys, there is a possible system crash due to a mssing ptr check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420955.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In imgsys, there is a possible system crash due to a mssing ptr check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420955.", }, ], id: "CVE-2023-20800", lastModified: "2024-11-21T07:41:32.950", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.6, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-07T04:15:13.667", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-863", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-15 22:15
Modified
2025-01-24 20:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767826; Issue ID: ALPS07767826.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", matchCriteriaId: "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767826; Issue ID: ALPS07767826.", }, ], id: "CVE-2023-20704", lastModified: "2025-01-24T20:15:27.600", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-05-15T22:15:10.870", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-1284", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-01 03:15
Modified
2025-04-23 13:47
Severity ?
Summary
In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541765; Issue ID: ALPS08541765.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 3.3 | |
| rdkcentral | rdk-b | 2022q3 | |
| android | 12.0 | ||
| android | 13.0 | ||
| openwrt | openwrt | 19.07.0 | |
| openwrt | openwrt | 21.02.0 | |
| mediatek | mt2713 | - | |
| mediatek | mt2737 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6880 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6890 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6980 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6989 | - | |
| mediatek | mt6990 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8390 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8796 | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*", matchCriteriaId: "2385F2C9-3EA1-424B-AB8D-A672BF1CBE56", vulnerable: true, }, { criteria: "cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*", matchCriteriaId: "A1488152-CC93-40DF-8D1F-BF33DC8444FF", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", matchCriteriaId: "4FA469E2-9E63-4C9A-8EBA-10C8C870063A", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", matchCriteriaId: "F0133207-2EED-4625-854F-8DB7770D5BF7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt2737:-:*:*:*:*:*:*:*", matchCriteriaId: "9C2A1118-B5F7-4EF5-B329-0887B5F3430E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", matchCriteriaId: "68CF4A7A-3136-4C4C-A795-81323896BE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", matchCriteriaId: "171D1C08-F055-44C0-913C-AA2B73AF5B72", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", matchCriteriaId: "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7DE6B2-66D9-4A3E-B15F-D56505559255", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", matchCriteriaId: "1A76806D-A4E3-466A-90CB-E9FFE478E7A0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", matchCriteriaId: "B774B7D7-B7DD-43A0-833F-7E39DF82CA60", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*", matchCriteriaId: "DE933AD9-3A6F-421B-8AB3-C45F8DEA9548", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541765; Issue ID: ALPS08541765.", }, { lang: "es", value: "En flashc, existe una posible divulgación de información debido a una excepción no detectada. Esto podría conducir a la divulgación de información local con privilegios de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS08541757; ID del problema: ALPS08541757.", }, ], id: "CVE-2024-20049", lastModified: "2025-04-23T13:47:38.603", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-04-01T03:15:08.337", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-248", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-03-04 03:15
Modified
2025-04-22 20:36
Severity ?
Summary
In da, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541686; Issue ID: ALPS08541686.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| android | 14.0 | ||
| mediatek | mt6739 | - | |
| mediatek | mt6757 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6763 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6771 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8678 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8796 | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*", matchCriteriaId: "B4C27948-65A7-4B1E-9F10-6744D176A5C3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", matchCriteriaId: "2F19C76A-50DF-4ACA-BACA-07157B4D838B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", matchCriteriaId: "152A5F3D-8004-4649-BDB1-E6F0798AF1CB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*", matchCriteriaId: "DE933AD9-3A6F-421B-8AB3-C45F8DEA9548", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In da, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541686; Issue ID: ALPS08541686.", }, { lang: "es", value: "En da, existe una posible escritura fuera de los límites debido a un desbordamiento de enteros. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS08541686; ID del problema: ALPS08541686.", }, ], id: "CVE-2024-20025", lastModified: "2025-04-22T20:36:54.670", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-03-04T03:15:07.280", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/March-2024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/March-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Summary
In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340350.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", matchCriteriaId: "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*", matchCriteriaId: "DE093B34-F4CD-4052-8122-730D6537A91A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", matchCriteriaId: "2A7D8055-F4B6-41EE-A078-11D56285AB66", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340350.", }, { lang: "es", value: "En imgsys_cmdq, existe un posible Use After Free debido a una falta de comprobación de rango válido. Esto podría llevar a una escalada local de privilegios con necesidad de privilegios de ejecución del sistema. Se necesita la interacción del usuario para la explotación. ID del parche: ALPS07340433; ID de incidencia: ALPS07340350.", }, ], id: "CVE-2023-20849", lastModified: "2024-11-21T07:41:41.347", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.6, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.6, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-09-04T03:15:11.983", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-416", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-18 15:15
Modified
2024-11-21 05:43
Severity ?
Summary
In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672086; Issue ID: ALPS05672086.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 11.0 | ||
| mediatek | mt6873 | - | |
| mediatek | mt6875 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8797 | - | |
| mediatek | mt9636 | - | |
| mediatek | mt9638 | - | |
| mediatek | mt9639 | - | |
| mediatek | mt9650 | - | |
| mediatek | mt9652 | - | |
| mediatek | mt9669 | - | |
| mediatek | mt9686 | - | |
| mediatek | mt9970 | - | |
| mediatek | mt9980 | - | |
| mediatek | mt9981 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9636:-:*:*:*:*:*:*:*", matchCriteriaId: "11B89606-5FD7-4513-984A-16217D37BF4B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9638:-:*:*:*:*:*:*:*", matchCriteriaId: "76F4FC23-534B-449A-8344-1F13AE9C8C57", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9639:-:*:*:*:*:*:*:*", matchCriteriaId: "392C9A58-EAB1-44B5-B189-98C68CC23199", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9650:-:*:*:*:*:*:*:*", matchCriteriaId: "2D0EF507-52A0-45D1-AC26-97F765E691FC", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9652:-:*:*:*:*:*:*:*", matchCriteriaId: "C826242C-440E-4D85-841E-570E9C69777C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9669:-:*:*:*:*:*:*:*", matchCriteriaId: "8531FD76-C0C1-45FE-8FDC-26402FF8BFA5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9686:-:*:*:*:*:*:*:*", matchCriteriaId: "4B429106-36BE-42F2-8D05-FB9EF00BDFBA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9970:-:*:*:*:*:*:*:*", matchCriteriaId: "961C13C3-2C3D-46B1-A618-D45920EC5E95", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9980:-:*:*:*:*:*:*:*", matchCriteriaId: "16B4C37E-B6CA-4176-B98D-E1C9E66472EA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9981:-:*:*:*:*:*:*:*", matchCriteriaId: "62282860-5EAF-45EA-B36E-6B6F124C3096", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672086; Issue ID: ALPS05672086.", }, { lang: "es", value: "En apusys, se presenta una posible lectura fuera de límites debido a una comprobación de límites incorrecta. Esto podría conllevar a una divulgación de información local con privilegios de ejecución System requeridos. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05672086; ID del Problema: ALPS05672086.", }, ], id: "CVE-2021-0666", lastModified: "2024-11-21T05:43:06.603", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-18T15:15:08.897", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-15 22:15
Modified
2025-01-23 22:15
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In widevine, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07643304; Issue ID: ALPS07643304.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 11.0 | ||
| android | 12.0 | ||
| mediatek | mt6762 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6769 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6875 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8797 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", matchCriteriaId: "C445EB80-6021-4E26-B74E-1B4B6910CE48", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", matchCriteriaId: "D23991D5-1893-49F4-8A06-D5E66C96C3B3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In widevine, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07643304; Issue ID: ALPS07643304.", }, ], id: "CVE-2023-20700", lastModified: "2025-01-23T22:15:11.560", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-05-15T22:15:10.743", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-02 03:15
Modified
2025-04-17 19:15
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In display drm, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780685; Issue ID: ALPS07780685.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8798 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In display drm, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780685; Issue ID: ALPS07780685.", }, { lang: "es", value: "En display drm, existe una posible corrupción de la memoria debido a una verificación de los límites faltantes. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS07780685; ID del problema: ALPS07780685.", }, ], id: "CVE-2023-32885", lastModified: "2025-04-17T19:15:55.867", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-01-02T03:15:08.353", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/January-2024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/January-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-119", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-17 17:15
Modified
2024-11-21 05:43
Severity ?
Summary
In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687781.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687781.", }, { lang: "es", value: "En apusys, se presenta una posible corrupción de memoria debido a una falta de comprobación de límites. Esto podría conllevar a una escalada de privilegios local con privilegios de ejecución System requeridos. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05672107; ID de Incidencia: ALPS05687781", }, ], id: "CVE-2021-0679", lastModified: "2024-11-21T05:43:08.137", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-17T17:15:11.080", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-07 04:15
Modified
2024-11-21 07:41
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326411.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326411.", }, ], id: "CVE-2023-20805", lastModified: "2024-11-21T07:41:33.770", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-08-07T04:15:13.993", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-11-06 04:15
Modified
2024-11-21 08:04
Severity ?
Summary
In bluethooth service, there is a possible out of bounds reads due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07884130; Issue ID: ALPS07884130.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 13.0 | ||
| mediatek | mt2713 | - | |
| mediatek | mt6580 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt7921 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8390 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7921:-:*:*:*:*:*:*:*", matchCriteriaId: "32AFEA0A-FFE2-4EA9-8B51-7E3E75DE65CC", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", matchCriteriaId: "B774B7D7-B7DD-43A0-833F-7E39DF82CA60", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In bluethooth service, there is a possible out of bounds reads due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07884130; Issue ID: ALPS07884130.", }, { lang: "es", value: "En el servicio Bluetooth, existe una posible lectura fuera de los límites debido a una validación de entrada incorrecta. Esto podría dar lugar a la divulgación de información local sin necesidad de privilegios de ejecución adicionales. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS07884130; ID del problema: ALPS07884130.", }, ], id: "CVE-2023-32825", lastModified: "2024-11-21T08:04:07.203", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-11-06T04:15:07.757", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-17 17:15
Modified
2024-11-21 05:43
Severity ?
Summary
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672003.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672003.", }, { lang: "es", value: "En apusys, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. Esto podría conllevar a una escalada de privilegios local con privilegios de ejecución System requeridos. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05672107; ID de Incidencia: ALPS05672003", }, ], id: "CVE-2021-0895", lastModified: "2024-11-21T05:43:13.747", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-17T17:15:11.230", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-15 22:15
Modified
2025-01-23 22:15
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| openwrt | openwrt | 19.07.0 | |
| openwrt | openwrt | 21.02.0 | |
| mediatek | mt6580 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6769 | - | |
| mediatek | mt6771 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6880 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6890 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8675 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8797 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", matchCriteriaId: "4FA469E2-9E63-4C9A-8EBA-10C8C870063A", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", matchCriteriaId: "F0133207-2EED-4625-854F-8DB7770D5BF7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", matchCriteriaId: "D23991D5-1893-49F4-8A06-D5E66C96C3B3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", matchCriteriaId: "68CF4A7A-3136-4C4C-A795-81323896BE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", matchCriteriaId: "171D1C08-F055-44C0-913C-AA2B73AF5B72", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", matchCriteriaId: "03E6123A-7603-4EAB-AFFB-229E8A040709", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only).", }, ], id: "CVE-2023-20694", lastModified: "2025-01-23T22:15:09.850", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-05-15T22:15:10.480", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-18 15:15
Modified
2024-11-21 05:43
Severity ?
Summary
In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05681550; Issue ID: ALPS05681550.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 10.0 | ||
| android | 11.0 | ||
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6875 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8797 | - | |
| mediatek | mt9636 | - | |
| mediatek | mt9638 | - | |
| mediatek | mt9639 | - | |
| mediatek | mt9650 | - | |
| mediatek | mt9652 | - | |
| mediatek | mt9669 | - | |
| mediatek | mt9686 | - | |
| mediatek | mt9970 | - | |
| mediatek | mt9980 | - | |
| mediatek | mt9981 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9636:-:*:*:*:*:*:*:*", matchCriteriaId: "11B89606-5FD7-4513-984A-16217D37BF4B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9638:-:*:*:*:*:*:*:*", matchCriteriaId: "76F4FC23-534B-449A-8344-1F13AE9C8C57", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9639:-:*:*:*:*:*:*:*", matchCriteriaId: "392C9A58-EAB1-44B5-B189-98C68CC23199", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9650:-:*:*:*:*:*:*:*", matchCriteriaId: "2D0EF507-52A0-45D1-AC26-97F765E691FC", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9652:-:*:*:*:*:*:*:*", matchCriteriaId: "C826242C-440E-4D85-841E-570E9C69777C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9669:-:*:*:*:*:*:*:*", matchCriteriaId: "8531FD76-C0C1-45FE-8FDC-26402FF8BFA5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9686:-:*:*:*:*:*:*:*", matchCriteriaId: "4B429106-36BE-42F2-8D05-FB9EF00BDFBA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9970:-:*:*:*:*:*:*:*", matchCriteriaId: "961C13C3-2C3D-46B1-A618-D45920EC5E95", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9980:-:*:*:*:*:*:*:*", matchCriteriaId: "16B4C37E-B6CA-4176-B98D-E1C9E66472EA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9981:-:*:*:*:*:*:*:*", matchCriteriaId: "62282860-5EAF-45EA-B36E-6B6F124C3096", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05681550; Issue ID: ALPS05681550.", }, { lang: "es", value: "En apusys, se presenta una posible corrupción de memoria debido a un uso de memoria previamente liberada. Esto podría conllevar a una escalada de privilegios local con privilegios de ejecución System requeridos. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05681550; ID del Problema: ALPS05681550.", }, ], id: "CVE-2021-0669", lastModified: "2024-11-21T05:43:06.947", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-18T15:15:09.053", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 08:04
Severity ?
Summary
In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017370; Issue ID: ALPS08017370.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 2.6 | |
| android | 13.0 | ||
| openwrt | openwrt | 19.07.0 | |
| openwrt | openwrt | 21.02.0 | |
| mediatek | mt2713 | - | |
| mediatek | mt2735 | - | |
| mediatek | mt6580 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6855t | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6880 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6890 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6980 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6990 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:2.6:*:*:*:*:*:*:*", matchCriteriaId: "397C75CA-D217-4617-B8B1-80F74CFB04CE", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", matchCriteriaId: "4FA469E2-9E63-4C9A-8EBA-10C8C870063A", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", matchCriteriaId: "F0133207-2EED-4625-854F-8DB7770D5BF7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", matchCriteriaId: "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855t:-:*:*:*:*:*:*:*", matchCriteriaId: "083F6134-FF26-4F1B-9B77-971D342AF774", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", matchCriteriaId: "68CF4A7A-3136-4C4C-A795-81323896BE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", matchCriteriaId: "171D1C08-F055-44C0-913C-AA2B73AF5B72", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", matchCriteriaId: "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", matchCriteriaId: "1A76806D-A4E3-466A-90CB-E9FFE478E7A0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017370; Issue ID: ALPS08017370.", }, { lang: "es", value: "En el servicio gnss, existe una posible escritura fuera de límites debido a una validación de entrada incorrecta. Esto podría conducir a la divulgación de información local con privilegios de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación.ID de parche: ALPS08017370; ID del problema: ALPS08017370.", }, ], id: "CVE-2023-32813", lastModified: "2024-11-21T08:04:05.053", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-04T03:15:13.527", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-02 03:15
Modified
2024-11-21 08:04
Severity ?
Summary
In netdagent, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944011; Issue ID: ALPS07944011.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8192:-:*:*:*:*:*:*:*", matchCriteriaId: "422634C7-D280-4664-AEE2-AA5B6723B836", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195z:-:*:*:*:*:*:*:*", matchCriteriaId: "9B3A37B9-F500-4B3C-B77C-B2BD7B015154", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8696:-:*:*:*:*:*:*:*", matchCriteriaId: "26573298-76BC-49FE-8D99-CF03ED01B185", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8755:-:*:*:*:*:*:*:*", matchCriteriaId: "1CF88096-5CBD-4A4B-8F47-33D38985956F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8771:-:*:*:*:*:*:*:*", matchCriteriaId: "0D09F23D-D023-4A60-B426-61251FDD8A5A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*", matchCriteriaId: "DE5FB550-7264-4879-BAF9-6798949113AF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*", matchCriteriaId: "78D4E9E1-B044-41EC-BE98-22DC0E5E9010", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8871:-:*:*:*:*:*:*:*", matchCriteriaId: "E1F80793-01B7-403A-A5F4-031F82FAC77A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In netdagent, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944011; Issue ID: ALPS07944011.", }, { lang: "es", value: "En netdagent, existe una posible divulgación de información debido a una verificación de los límites incorrecta. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS07944011; ID del problema: ALPS07944011.", }, ], id: "CVE-2023-32884", lastModified: "2024-11-21T08:04:16.120", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-02T03:15:08.303", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/January-2024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/January-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-01 03:15
Modified
2025-04-23 13:47
Severity ?
Summary
In gnss, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580200; Issue ID: ALPS08580200.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:2.6:*:*:*:*:*:*:*", matchCriteriaId: "397C75CA-D217-4617-B8B1-80F74CFB04CE", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*", matchCriteriaId: "2385F2C9-3EA1-424B-AB8D-A672BF1CBE56", vulnerable: true, }, { criteria: "cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*", matchCriteriaId: "A1488152-CC93-40DF-8D1F-BF33DC8444FF", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", matchCriteriaId: "4FA469E2-9E63-4C9A-8EBA-10C8C870063A", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", matchCriteriaId: "F0133207-2EED-4625-854F-8DB7770D5BF7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", matchCriteriaId: "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt2737:-:*:*:*:*:*:*:*", matchCriteriaId: "9C2A1118-B5F7-4EF5-B329-0887B5F3430E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", matchCriteriaId: "C445EB80-6021-4E26-B74E-1B4B6910CE48", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", matchCriteriaId: "D23991D5-1893-49F4-8A06-D5E66C96C3B3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", matchCriteriaId: "171D1C08-F055-44C0-913C-AA2B73AF5B72", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7DE6B2-66D9-4A3E-B15F-D56505559255", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", matchCriteriaId: "1A76806D-A4E3-466A-90CB-E9FFE478E7A0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", matchCriteriaId: "B774B7D7-B7DD-43A0-833F-7E39DF82CA60", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*", matchCriteriaId: "EE302F6F-170E-4350-A8F4-65BE0C50CB78", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", matchCriteriaId: "152A5F3D-8004-4649-BDB1-E6F0798AF1CB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8755:-:*:*:*:*:*:*:*", matchCriteriaId: "1CF88096-5CBD-4A4B-8F47-33D38985956F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*", matchCriteriaId: "DE5FB550-7264-4879-BAF9-6798949113AF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8792:-:*:*:*:*:*:*:*", matchCriteriaId: "336FC69E-E89F-4642-B6B9-8009D9A2BD52", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*", matchCriteriaId: "DE933AD9-3A6F-421B-8AB3-C45F8DEA9548", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8893:-:*:*:*:*:*:*:*", matchCriteriaId: "CCFAADB1-C2B2-47A6-BB66-761B964E7DFB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In gnss, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580200; Issue ID: ALPS08580200.", }, { lang: "es", value: "En gnss, existe una posible escalada de privilegios debido a una verificación de los límites faltantes. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS08580200; ID del problema: ALPS08580200.", }, ], id: "CVE-2024-20054", lastModified: "2025-04-23T13:47:04.043", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.7, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-04-01T03:15:08.590", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-06 13:15
Modified
2025-01-08 15:15
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573480; Issue ID: ALPS07573480.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 3.1 | |
| linuxfoundation | yocto | 3.3 | |
| linuxfoundation | yocto | 4.0 | |
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt6761 | - | |
| mediatek | mt6762 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6769 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6875 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt7663 | - | |
| mediatek | mt7668 | - | |
| mediatek | mt7902 | - | |
| mediatek | mt7921 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8518 | - | |
| mediatek | mt8532 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8695 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8788 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:3.1:*:*:*:*:*:*:*", matchCriteriaId: "B2EECB3C-723A-492D-A6D7-6A1A73EDBFDF", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*", matchCriteriaId: "2385F2C9-3EA1-424B-AB8D-A672BF1CBE56", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", matchCriteriaId: "C445EB80-6021-4E26-B74E-1B4B6910CE48", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", matchCriteriaId: "D23991D5-1893-49F4-8A06-D5E66C96C3B3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7663:-:*:*:*:*:*:*:*", matchCriteriaId: "10C79211-F064-499D-914E-0BACD038FBF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7668:-:*:*:*:*:*:*:*", matchCriteriaId: "8E400AB9-B82A-4449-8789-35112940270F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7902:-:*:*:*:*:*:*:*", matchCriteriaId: "91DEA745-47A8-43F1-A1B2-F53F651A99EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7921:-:*:*:*:*:*:*:*", matchCriteriaId: "32AFEA0A-FFE2-4EA9-8B51-7E3E75DE65CC", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8518:-:*:*:*:*:*:*:*", matchCriteriaId: "EE5E73E0-EF8D-4659-B447-66474BC05708", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:*", matchCriteriaId: "EE18D5C2-0423-4CE5-86E7-69E7BB131BBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8695:-:*:*:*:*:*:*:*", matchCriteriaId: "B5126E05-25DC-4EF7-8DDE-BBA38A7547FB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573480; Issue ID: ALPS07573480.", }, ], id: "CVE-2023-20732", lastModified: "2025-01-08T15:15:11.213", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-06-06T13:15:12.563", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-18 15:15
Modified
2024-11-21 05:43
Severity ?
Summary
In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05664273; Issue ID: ALPS05664273.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05664273; Issue ID: ALPS05664273.", }, { lang: "es", value: "En apusys, se presenta una posible corrupción de memoria debido a una falta de comprobación de límites. Esto podría conllevar a una escalada de privilegios local con privilegios de ejecución System requeridos. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05664273; ID del Problema: ALPS05664273.", }, ], id: "CVE-2021-0671", lastModified: "2024-11-21T05:43:07.173", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-18T15:15:09.153", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-15 22:15
Modified
2025-01-24 17:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767853; Issue ID: ALPS07767853.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", matchCriteriaId: "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767853; Issue ID: ALPS07767853.", }, ], id: "CVE-2023-20703", lastModified: "2025-01-24T17:15:09.593", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-05-15T22:15:10.830", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-06 13:15
Modified
2025-01-07 20:15
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519217.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | iot-yocto | 22.2 | |
| linuxfoundation | yocto | 4.0 | |
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt6789 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8797 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:iot-yocto:22.2:*:*:*:*:*:*:*", matchCriteriaId: "B20DD930-83A1-4715-AD51-458ECA2578D8", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519217.", }, ], id: "CVE-2023-20746", lastModified: "2025-01-07T20:15:28.743", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-06-06T13:15:14.723", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-667", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-667", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-07 04:15
Modified
2024-11-21 07:41
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326384.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326384.", }, ], id: "CVE-2023-20804", lastModified: "2024-11-21T07:41:33.553", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-08-07T04:15:13.930", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 08:04
Severity ?
Summary
In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08037801; Issue ID: ALPS08037801.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 2.6 | |
| android | 13.0 | ||
| openwrt | openwrt | 19.07.0 | |
| openwrt | openwrt | 21.02.0 | |
| mediatek | mt2713 | - | |
| mediatek | mt2735 | - | |
| mediatek | mt6580 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6855t | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6880 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6890 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6980 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6990 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8188t | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8365 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:2.6:*:*:*:*:*:*:*", matchCriteriaId: "397C75CA-D217-4617-B8B1-80F74CFB04CE", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", matchCriteriaId: "4FA469E2-9E63-4C9A-8EBA-10C8C870063A", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", matchCriteriaId: "F0133207-2EED-4625-854F-8DB7770D5BF7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", matchCriteriaId: "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855t:-:*:*:*:*:*:*:*", matchCriteriaId: "083F6134-FF26-4F1B-9B77-971D342AF774", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", matchCriteriaId: "68CF4A7A-3136-4C4C-A795-81323896BE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", matchCriteriaId: "171D1C08-F055-44C0-913C-AA2B73AF5B72", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", matchCriteriaId: "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", matchCriteriaId: "1A76806D-A4E3-466A-90CB-E9FFE478E7A0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*", matchCriteriaId: "A4675A09-0147-4690-8AA1-E3802CA1B3EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08037801; Issue ID: ALPS08037801.", }, { lang: "es", value: "En el servicio gnss, existe una posible lectura fuera de límites debido a una validación de entrada incorrecta. Esto podría conducir a la divulgación de información local con privilegios de ejecución del sistema necesarios. No es necesaria la interacción del usuario para su explotación. ID del parche: ALPS08037801; ID de la incidencia: ALPS08037801.", }, ], id: "CVE-2023-32815", lastModified: "2024-11-21T08:04:05.323", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-04T03:15:13.990", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-11-04 02:15
Modified
2025-03-13 17:15
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09065033; Issue ID: MSV-1754.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@mediatek.com | https://corp.mediatek.com/product-security-bulletin/November-2024 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", matchCriteriaId: "8538774C-906D-4B03-A3E7-FA7A55E0DA9E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09065033; Issue ID: MSV-1754.", }, { lang: "es", value: "En ccu, existe una posible escritura fuera de los límites debido a una verificación de los límites faltante. Esto podría provocar una escalada local de privilegios, siendo necesarios los permisos de ejecución de System. No se necesita la interacción del usuario para la explotación. ID de parche: ALPS09065033; ID de problema: MSV-1754.", }, ], id: "CVE-2024-20111", lastModified: "2025-03-13T17:15:26.357", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-11-04T02:15:16.567", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "security@mediatek.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-04 02:15
Modified
2024-11-21 07:41
Severity ?
Summary
In pqframework, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629585; Issue ID: ALPS07629584.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In pqframework, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629585; Issue ID: ALPS07629584.", }, ], id: "CVE-2023-20767", lastModified: "2024-11-21T07:41:29.917", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-04T02:15:10.340", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/July-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/July-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-07 04:15
Modified
2024-11-21 07:41
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In camera middleware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629582; Issue ID: ALPS07629582.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In camera middleware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629582; Issue ID: ALPS07629582.", }, ], id: "CVE-2023-20797", lastModified: "2024-11-21T07:41:32.650", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-08-07T04:15:13.537", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-11-06 04:15
Modified
2024-11-21 08:04
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310805; Issue ID: ALPS07310805.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", matchCriteriaId: "B774B7D7-B7DD-43A0-833F-7E39DF82CA60", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310805; Issue ID: ALPS07310805.", }, { lang: "es", value: "En dpe, existe una posible escritura fuera de los límites debido a que falta una verificación de rango válido. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS07262576; ID del problema: ALPS07262576.", }, ], id: "CVE-2023-32838", lastModified: "2024-11-21T08:04:09.203", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-11-06T04:15:08.013", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-04 04:15
Modified
2024-11-21 08:04
Severity ?
Summary
In display, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388762; Issue ID: ALPS07388762.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8781 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In display, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388762; Issue ID: ALPS07388762.", }, { lang: "es", value: "En display, hay una posible lectura fuera de los límites debido a una verificación de los límites incorrecta. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS07388762; ID del problema: ALPS07388762.", }, ], id: "CVE-2023-32862", lastModified: "2024-11-21T08:04:13.270", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-04T04:15:08.397", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-18 15:15
Modified
2024-11-21 05:43
Severity ?
Summary
In flv extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594988; Issue ID: ALPS05594988.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 10.0 | ||
| android | 11.0 | ||
| mediatek | mt6580 | - | |
| mediatek | mt6735 | - | |
| mediatek | mt6737 | - | |
| mediatek | mt6750s | - | |
| mediatek | mt6753 | - | |
| mediatek | mt6755s | - | |
| mediatek | mt6757 | - | |
| mediatek | mt6757c | - | |
| mediatek | mt6757cd | - | |
| mediatek | mt6757ch | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6762 | - | |
| mediatek | mt6763 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6771 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8163 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8183 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8735a | - | |
| mediatek | mt8735b | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8797 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*", matchCriteriaId: "C82E144B-0BAD-47E1-A657-3A5880988FE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*", matchCriteriaId: "4E76B29F-007E-4445-B3F3-3FDC054FEB84", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6750s:-:*:*:*:*:*:*:*", matchCriteriaId: "12A1CB8F-3C1C-4374-8D46-23175D1174DE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*", matchCriteriaId: "7362AED0-47F2-4D48-A292-89F717F0697E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6755s:-:*:*:*:*:*:*:*", matchCriteriaId: "7038AEA0-5BBE-44C9-92DE-96BDE3EEE45B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*", matchCriteriaId: "B4C27948-65A7-4B1E-9F10-6744D176A5C3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757c:-:*:*:*:*:*:*:*", matchCriteriaId: "D808EF4D-0A54-4324-8341-240F7AFABC40", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757cd:-:*:*:*:*:*:*:*", matchCriteriaId: "64EDB89E-8140-4202-97B3-9D7337E90FDE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757ch:-:*:*:*:*:*:*:*", matchCriteriaId: "D2C5CC4F-DA66-4980-A4BB-693987431A38", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", matchCriteriaId: "C445EB80-6021-4E26-B74E-1B4B6910CE48", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", matchCriteriaId: "2F19C76A-50DF-4ACA-BACA-07157B4D838B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8163:-:*:*:*:*:*:*:*", matchCriteriaId: "1D2ED140-C41B-418B-9DC7-8C486304E769", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", matchCriteriaId: "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8735a:-:*:*:*:*:*:*:*", matchCriteriaId: "45A7A805-EFED-47B3-884C-158FF1EECAEC", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8735b:-:*:*:*:*:*:*:*", matchCriteriaId: "E1BB519B-9BA4-4D4A-8ED1-CE79E56E70E4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In flv extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594988; Issue ID: ALPS05594988.", }, { lang: "es", value: "En flv extractor, se presenta una posible lectura fuera de límites debido a un desbordamiento del búfer de la pila. Esto podría conllevar a una divulgación de información local sin ser necesarios privilegios de ejecución adicionales. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05594988; ID del Problema: ALPS05594988.", }, ], id: "CVE-2021-0624", lastModified: "2024-11-21T05:43:02.423", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-18T15:15:08.343", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-15 19:15
Modified
2024-11-21 05:43
Severity ?
Summary
In alac decoder, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064258.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@android.com | https://corp.mediatek.com/product-security-bulletin/December-2021 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://corp.mediatek.com/product-security-bulletin/December-2021 | Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", matchCriteriaId: "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*", matchCriteriaId: "8DFAAD08-36DA-4C95-8200-C29FE5B6B854", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6570:-:*:*:*:*:*:*:*", matchCriteriaId: "975802CC-B130-4CF3-9B8E-A23DEA464259", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*", matchCriteriaId: "C82E144B-0BAD-47E1-A657-3A5880988FE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*", matchCriteriaId: "4E76B29F-007E-4445-B3F3-3FDC054FEB84", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6750:-:*:*:*:*:*:*:*", matchCriteriaId: "F51C9D91-A64F-446E-BC14-7C79B770C3A0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6750s:-:*:*:*:*:*:*:*", matchCriteriaId: "12A1CB8F-3C1C-4374-8D46-23175D1174DE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*", matchCriteriaId: "7362AED0-47F2-4D48-A292-89F717F0697E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6755:-:*:*:*:*:*:*:*", matchCriteriaId: "47BE9434-12D6-4801-8B04-7F18AF58E717", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6755s:-:*:*:*:*:*:*:*", matchCriteriaId: "7038AEA0-5BBE-44C9-92DE-96BDE3EEE45B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*", matchCriteriaId: "B4C27948-65A7-4B1E-9F10-6744D176A5C3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757c:-:*:*:*:*:*:*:*", matchCriteriaId: "D808EF4D-0A54-4324-8341-240F7AFABC40", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757cd:-:*:*:*:*:*:*:*", matchCriteriaId: "64EDB89E-8140-4202-97B3-9D7337E90FDE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757ch:-:*:*:*:*:*:*:*", matchCriteriaId: "D2C5CC4F-DA66-4980-A4BB-693987431A38", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6758:-:*:*:*:*:*:*:*", matchCriteriaId: "B15C285A-0A26-46F7-9D72-CCADC47D93B0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", matchCriteriaId: "2F19C76A-50DF-4ACA-BACA-07157B4D838B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6797:-:*:*:*:*:*:*:*", matchCriteriaId: "CE7CC141-E2D6-4F28-B6F0-167E11869CD1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6799:-:*:*:*:*:*:*:*", matchCriteriaId: "FC0CAAE1-2BC9-49CA-AC68-2217A4258BDD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8163:-:*:*:*:*:*:*:*", matchCriteriaId: "1D2ED140-C41B-418B-9DC7-8C486304E769", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8176:-:*:*:*:*:*:*:*", matchCriteriaId: "1E5B22E8-3536-4DBC-8E71-3E14FE45A887", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", matchCriteriaId: "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In alac decoder, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064258.", }, { lang: "es", value: "En el decodificador alac, existe una posible escritura fuera de límites debido a una comprobación de límites incorrecta. Esto podría llevar a una escalada local de privilegios sin necesidad de privilegios de ejecución adicionales. La interacción del usuario no es necesaria para la explotación. ID del parche: ALPS06064258; ID del problema: ALPS06064258", }, ], id: "CVE-2021-0675", lastModified: "2024-11-21T05:43:07.663", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-15T19:15:10.573", references: [ { source: "security@android.com", tags: [ "Third Party Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-12-02 04:15
Modified
2025-04-22 13:54
Severity ?
Summary
In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained System privileges. User interaction is not needed for exploitation. Patch ID: ALPS09046782; Issue ID: MSV-1728.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@mediatek.com | https://corp.mediatek.com/product-security-bulletin/December-2024 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 13.0 | ||
| android | 14.0 | ||
| mediatek | mt6580 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8370 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8390 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8771 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2B6BB9-7544-41A7-BF3A-344AA4CC4B31", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", matchCriteriaId: "B774B7D7-B7DD-43A0-833F-7E39DF82CA60", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8771:-:*:*:*:*:*:*:*", matchCriteriaId: "0D09F23D-D023-4A60-B426-61251FDD8A5A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained System privileges. User interaction is not needed for exploitation. Patch ID: ALPS09046782; Issue ID: MSV-1728.", }, { lang: "es", value: "En vdec, existe una posible escritura fuera de los límites debido a una verificación de los límites faltante. Esto podría provocar una escalada local de privilegios, siendo necesarios los privilegios de ejecución del sistema. No se necesita la interacción del usuario para la explotación. ID de parche: ALPS09046782; ID de problema: MSV-1728.", }, ], id: "CVE-2024-20125", lastModified: "2025-04-22T13:54:17.490", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-12-02T04:15:04.663", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "security@mediatek.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-04-06 18:15
Modified
2025-03-17 19:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In mmsdk, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203022; Issue ID: ALPS07203022.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2715:-:*:*:*:*:*:*:*", matchCriteriaId: "FA252F20-1BB7-4654-972C-F257F37396A7", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*", matchCriteriaId: "C82E144B-0BAD-47E1-A657-3A5880988FE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*", matchCriteriaId: "4E76B29F-007E-4445-B3F3-3FDC054FEB84", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*", matchCriteriaId: "7362AED0-47F2-4D48-A292-89F717F0697E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8192:-:*:*:*:*:*:*:*", matchCriteriaId: "422634C7-D280-4664-AEE2-AA5B6723B836", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", matchCriteriaId: "03E6123A-7603-4EAB-AFFB-229E8A040709", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8771:-:*:*:*:*:*:*:*", matchCriteriaId: "0D09F23D-D023-4A60-B426-61251FDD8A5A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*", matchCriteriaId: "78D4E9E1-B044-41EC-BE98-22DC0E5E9010", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8871:-:*:*:*:*:*:*:*", matchCriteriaId: "E1F80793-01B7-403A-A5F4-031F82FAC77A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8891:-:*:*:*:*:*:*:*", matchCriteriaId: "C450B83A-913C-4E5B-B025-11071B6824D7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In mmsdk, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203022; Issue ID: ALPS07203022.", }, ], id: "CVE-2023-20655", lastModified: "2025-03-17T19:15:15.713", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-04-06T18:15:08.503", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-269", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Summary
In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340381.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", matchCriteriaId: "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*", matchCriteriaId: "DE093B34-F4CD-4052-8122-730D6537A91A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", matchCriteriaId: "2A7D8055-F4B6-41EE-A078-11D56285AB66", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340381.", }, { lang: "es", value: "En imgsys_cmdq, existe una posible escritura fuera de límites debido a que falta una verificación de rango válido. Esto podría conducir a una escalada local de privilegios con privilegios de ejecución del sistema necesarios. Se necesita la interacción del usuario para la explotación. ID de parche: ALPS07340433; ID del problema: ALPS07340381.", }, ], id: "CVE-2023-20850", lastModified: "2024-11-21T07:41:41.537", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.6, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.6, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-09-04T03:15:12.033", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-02-03 04:15
Modified
2025-02-03 19:40
Severity ?
4.3 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
In DA, there is a possible read of uninitialized heap data due to uninitialized data. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291449; Issue ID: MSV-2066.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@mediatek.com | https://corp.mediatek.com/product-security-bulletin/February-2025 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| android | 14.0 | ||
| android | 15.0 | ||
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6771 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8675 | - | |
| mediatek | mt8678 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8771 | - | |
| mediatek | mt8775 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8795t | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - | |
| mediatek | mt8893 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", matchCriteriaId: "8538774C-906D-4B03-A3E7-FA7A55E0DA9E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", matchCriteriaId: "03E6123A-7603-4EAB-AFFB-229E8A040709", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", matchCriteriaId: "152A5F3D-8004-4649-BDB1-E6F0798AF1CB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8771:-:*:*:*:*:*:*:*", matchCriteriaId: "0D09F23D-D023-4A60-B426-61251FDD8A5A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*", matchCriteriaId: "DE5FB550-7264-4879-BAF9-6798949113AF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*", matchCriteriaId: "78D4E9E1-B044-41EC-BE98-22DC0E5E9010", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8893:-:*:*:*:*:*:*:*", matchCriteriaId: "CCFAADB1-C2B2-47A6-BB66-761B964E7DFB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In DA, there is a possible read of uninitialized heap data due to uninitialized data. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291449; Issue ID: MSV-2066.", }, { lang: "es", value: "En DA, existe la posibilidad de leer datos de montón no inicializados debido a datos no inicializados. Esto podría provocar la divulgación de información local, si un atacante tiene acceso físico al dispositivo, sin necesidad de privilegios de ejecución adicionales. Se necesita la interacción del usuario para la explotación. ID de parche: ALPS09291449; ID de problema: MSV-2066.", }, ], id: "CVE-2025-20638", lastModified: "2025-02-03T19:40:23.927", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.7, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-02-03T04:15:08.863", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/February-2025", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-457", }, ], source: "security@mediatek.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-908", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 08:04
Severity ?
Summary
In bluetooth driver, there is a possible out of bounds read due to improper input validation. This could lead to local information leak with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07867212; Issue ID: ALPS07867212.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 3.1 | |
| linuxfoundation | yocto | 3.3 | |
| linuxfoundation | yocto | 4.0 | |
| android | 12.0 | ||
| android | 13.0 | ||
| linux | linux_kernel | 4.19 | |
| mediatek | mt2713 | - | |
| mediatek | mt5221 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6890 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8188t | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8518s | - | |
| mediatek | mt8532 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8797 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:3.1:*:*:*:*:*:*:*", matchCriteriaId: "B2EECB3C-723A-492D-A6D7-6A1A73EDBFDF", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*", matchCriteriaId: "2385F2C9-3EA1-424B-AB8D-A672BF1CBE56", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:4.19:-:*:*:*:*:*:*", matchCriteriaId: "CFDAD450-8799-4C2D-80CE-2AA45DEC35CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt5221:-:*:*:*:*:*:*:*", matchCriteriaId: "518D4593-D5E2-489C-92C3-343716A621E9", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", matchCriteriaId: "171D1C08-F055-44C0-913C-AA2B73AF5B72", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*", matchCriteriaId: "A4675A09-0147-4690-8AA1-E3802CA1B3EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8518s:-:*:*:*:*:*:*:*", matchCriteriaId: "6069CD03-6AB1-4A06-88CF-EFBDEA84CDE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:*", matchCriteriaId: "EE18D5C2-0423-4CE5-86E7-69E7BB131BBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In bluetooth driver, there is a possible out of bounds read due to improper input validation. This could lead to local information leak with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07867212; Issue ID: ALPS07867212.", }, { lang: "es", value: "En el controlador Bluetooth, existe una posible lectura fuera de los límites debido a una validación de entrada incorrecta. Esto podría dar lugar a una fuga de información local con privilegios de ejecución del sistema necesarios. No es necesaria la interacción del usuario para su explotación. ID del parche: ALPS07867212; ID de la incidencia: LPS07867212. ", }, ], id: "CVE-2023-32810", lastModified: "2024-11-21T08:04:04.500", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-04T03:15:13.223", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
In cta, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07978550; Issue ID: ALPS07978550.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt6580 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8673 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In cta, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07978550; Issue ID: ALPS07978550.", }, { lang: "es", value: "En cta,existe una posible divulgación de información debido a la falta de comprobación de permisos. Esto podría conducir a la divulgación de información local sin necesidad de privilegios de ejecución adicionales. No es necesaria la interacción del usuario para su explotación. ID del parche:ALPS07978550; ID de la incidencia: ALPS07978550.", }, ], id: "CVE-2023-20826", lastModified: "2024-11-21T07:41:37.413", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-09-04T03:15:09.137", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-862", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-862", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-04 04:15
Modified
2024-11-21 08:04
Severity ?
Summary
In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363632; Issue ID: ALPS07363689.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8781 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363632; Issue ID: ALPS07363689.", }, { lang: "es", value: "En display drm, hay una posible escritura fuera de los límites debido a una verificación de los límites faltantes. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS07363632; ID del problema: ALPS07363689.", }, ], id: "CVE-2023-32869", lastModified: "2024-11-21T08:04:14.190", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-04T04:15:08.717", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-11-04 02:15
Modified
2025-04-22 13:53
Severity ?
Summary
In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09065887; Issue ID: MSV-1762.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@mediatek.com | https://corp.mediatek.com/product-security-bulletin/November-2024 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", matchCriteriaId: "8538774C-906D-4B03-A3E7-FA7A55E0DA9E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09065887; Issue ID: MSV-1762.", }, { lang: "es", value: " En ccu, existe una posible escritura fuera de los límites debido a una verificación de los límites faltante. Esto podría provocar una escalada local de privilegios, siendo necesarios los permisos de ejecución de System. No se necesita interacción del usuario para la explotación. ID de parche: ALPS09065887; ID de problema: MSV-1762.", }, ], id: "CVE-2024-20110", lastModified: "2025-04-22T13:53:12.060", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-11-04T02:15:16.480", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "security@mediatek.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
Summary
In imgsys, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326418.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 3.1 | |
| linuxfoundation | yocto | 3.3 | |
| linuxfoundation | yocto | 4.0 | |
| android | 12.0 | ||
| android | 13.0 | ||
| linux | linux_kernel | 4.19 | |
| mediatek | mt2713 | - | |
| mediatek | mt5221 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6890 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8188t | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8518s | - | |
| mediatek | mt8532 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8797 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:3.1:*:*:*:*:*:*:*", matchCriteriaId: "B2EECB3C-723A-492D-A6D7-6A1A73EDBFDF", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*", matchCriteriaId: "2385F2C9-3EA1-424B-AB8D-A672BF1CBE56", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:4.19:-:*:*:*:*:*:*", matchCriteriaId: "CFDAD450-8799-4C2D-80CE-2AA45DEC35CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt5221:-:*:*:*:*:*:*:*", matchCriteriaId: "518D4593-D5E2-489C-92C3-343716A621E9", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", matchCriteriaId: "171D1C08-F055-44C0-913C-AA2B73AF5B72", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*", matchCriteriaId: "A4675A09-0147-4690-8AA1-E3802CA1B3EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8518s:-:*:*:*:*:*:*:*", matchCriteriaId: "6069CD03-6AB1-4A06-88CF-EFBDEA84CDE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:*", matchCriteriaId: "EE18D5C2-0423-4CE5-86E7-69E7BB131BBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In imgsys, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326418.", }, { lang: "es", value: "En imgsys, existe una posible lectura fuera de límites debido a una condición de carrera. Esto podría conducir a la divulgación de información local con privilegios de ejecución del sistema necesarios. Se necesita la interacción del usuario para la explotación. ID de parche: ALPS07326455; ID del problema: ALPS07326418.", }, ], id: "CVE-2023-20838", lastModified: "2024-11-21T07:41:39.810", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.3, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-04T03:15:10.560", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-02-03 04:15
Modified
2025-02-03 18:15
Severity ?
6.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.2 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
6.2 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Summary
In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291406; Issue ID: MSV-2070.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@mediatek.com | https://corp.mediatek.com/product-security-bulletin/February-2025 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| android | 14.0 | ||
| android | 15.0 | ||
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6771 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8675 | - | |
| mediatek | mt8678 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8771 | - | |
| mediatek | mt8775 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8795t | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - | |
| mediatek | mt8893 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", matchCriteriaId: "8538774C-906D-4B03-A3E7-FA7A55E0DA9E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", matchCriteriaId: "03E6123A-7603-4EAB-AFFB-229E8A040709", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", matchCriteriaId: "152A5F3D-8004-4649-BDB1-E6F0798AF1CB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8771:-:*:*:*:*:*:*:*", matchCriteriaId: "0D09F23D-D023-4A60-B426-61251FDD8A5A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*", matchCriteriaId: "DE5FB550-7264-4879-BAF9-6798949113AF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*", matchCriteriaId: "78D4E9E1-B044-41EC-BE98-22DC0E5E9010", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8893:-:*:*:*:*:*:*:*", matchCriteriaId: "CCFAADB1-C2B2-47A6-BB66-761B964E7DFB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291406; Issue ID: MSV-2070.", }, { lang: "es", value: "En V5 DA, existe una posible escritura fuera de los límites debido a un neutra. Esto podría provocar una escalada local de privilegios, si un atacante tiene acceso físico al dispositivo, sin necesidad de privilegios de ejecución adicionales. Se necesita la interacción del usuario para la explotación. ID de parche: ALPS09291406; ID de problema: MSV-2070.", }, ], id: "CVE-2024-20142", lastModified: "2025-02-03T18:15:33.520", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.7, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "LOW", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", version: "3.1", }, exploitabilityScore: 0.7, impactScore: 5.5, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-02-03T04:15:07.803", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/February-2025", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "security@mediatek.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-03-04 03:15
Modified
2025-04-22 19:54
Severity ?
Summary
In da, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541741.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| android | 14.0 | ||
| mediatek | mt6739 | - | |
| mediatek | mt6757 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6763 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6771 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8512 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*", matchCriteriaId: "B4C27948-65A7-4B1E-9F10-6744D176A5C3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", matchCriteriaId: "2F19C76A-50DF-4ACA-BACA-07157B4D838B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8512:-:*:*:*:*:*:*:*", matchCriteriaId: "3E51B721-CBDD-4223-ACD1-509E82D1B4A2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In da, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541741.", }, { lang: "es", value: "En da, existe una posible divulgación de información debido a una validación de entrada incorrecta. Esto podría conducir a la divulgación de información local con privilegios de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS08541632; ID del problema: ALPS08541741.", }, ], id: "CVE-2024-20030", lastModified: "2025-04-22T19:54:09.547", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-03-04T03:15:07.500", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/March-2024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/March-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-18 15:15
Modified
2024-11-21 05:43
Severity ?
Summary
In Browser app, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-199678035
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", matchCriteriaId: "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*", matchCriteriaId: "8DFAAD08-36DA-4C95-8200-C29FE5B6B854", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6731:-:*:*:*:*:*:*:*", matchCriteriaId: "8BF784DB-3560-4045-BB32-F12DCF4C43B1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6732:-:*:*:*:*:*:*:*", matchCriteriaId: "A7FBCBDD-5ADA-49A7-A152-61FB909EE5FF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*", matchCriteriaId: "C82E144B-0BAD-47E1-A657-3A5880988FE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*", matchCriteriaId: "4E76B29F-007E-4445-B3F3-3FDC054FEB84", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6750:-:*:*:*:*:*:*:*", matchCriteriaId: "F51C9D91-A64F-446E-BC14-7C79B770C3A0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6750s:-:*:*:*:*:*:*:*", matchCriteriaId: "12A1CB8F-3C1C-4374-8D46-23175D1174DE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6752:-:*:*:*:*:*:*:*", matchCriteriaId: "22C2668D-7A14-42AA-A164-957FE78B9ABF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*", matchCriteriaId: "7362AED0-47F2-4D48-A292-89F717F0697E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6755:-:*:*:*:*:*:*:*", matchCriteriaId: "47BE9434-12D6-4801-8B04-7F18AF58E717", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6755s:-:*:*:*:*:*:*:*", matchCriteriaId: "7038AEA0-5BBE-44C9-92DE-96BDE3EEE45B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*", matchCriteriaId: "B4C27948-65A7-4B1E-9F10-6744D176A5C3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757c:-:*:*:*:*:*:*:*", matchCriteriaId: "D808EF4D-0A54-4324-8341-240F7AFABC40", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757cd:-:*:*:*:*:*:*:*", matchCriteriaId: "64EDB89E-8140-4202-97B3-9D7337E90FDE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757ch:-:*:*:*:*:*:*:*", matchCriteriaId: "D2C5CC4F-DA66-4980-A4BB-693987431A38", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6758:-:*:*:*:*:*:*:*", matchCriteriaId: "B15C285A-0A26-46F7-9D72-CCADC47D93B0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", matchCriteriaId: "C445EB80-6021-4E26-B74E-1B4B6910CE48", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", matchCriteriaId: "2F19C76A-50DF-4ACA-BACA-07157B4D838B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", matchCriteriaId: "D23991D5-1893-49F4-8A06-D5E66C96C3B3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6795:-:*:*:*:*:*:*:*", matchCriteriaId: "809FEAD7-F02B-48A9-B442-28B46C7806C6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6797:-:*:*:*:*:*:*:*", matchCriteriaId: "CE7CC141-E2D6-4F28-B6F0-167E11869CD1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6799:-:*:*:*:*:*:*:*", matchCriteriaId: "FC0CAAE1-2BC9-49CA-AC68-2217A4258BDD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8163:-:*:*:*:*:*:*:*", matchCriteriaId: "1D2ED140-C41B-418B-9DC7-8C486304E769", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", matchCriteriaId: "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8735a:-:*:*:*:*:*:*:*", matchCriteriaId: "45A7A805-EFED-47B3-884C-158FF1EECAEC", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8735b:-:*:*:*:*:*:*:*", matchCriteriaId: "E1BB519B-9BA4-4D4A-8ED1-CE79E56E70E4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Browser app, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-199678035", }, { lang: "es", value: "En la aplicación Browser, existe una posible divulgación de información debido a la falta de comprobación de permisos. Esto podría conducir a la divulgación de información local sin necesidad de privilegios de ejecución adicionales. La interacción del usuario no es necesaria para la explotación.Producto: AndroidVersiones: Android SoCAndroid ID: A-199678035", }, ], id: "CVE-2021-0672", lastModified: "2024-11-21T05:43:07.290", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-18T15:15:09.210", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://source.android.com/security/bulletin/2021-11-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://source.android.com/security/bulletin/2021-11-01", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-862", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-18 15:15
Modified
2024-11-21 05:43
Severity ?
Summary
In mdlactl driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05776625; Issue ID: ALPS05776625.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 10.0 | ||
| android | 11.0 | ||
| mediatek | mt6873 | - | |
| mediatek | mt6875 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8797 | - | |
| mediatek | mt9636 | - | |
| mediatek | mt9638 | - | |
| mediatek | mt9639 | - | |
| mediatek | mt9650 | - | |
| mediatek | mt9652 | - | |
| mediatek | mt9669 | - | |
| mediatek | mt9686 | - | |
| mediatek | mt9970 | - | |
| mediatek | mt9980 | - | |
| mediatek | mt9981 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9636:-:*:*:*:*:*:*:*", matchCriteriaId: "11B89606-5FD7-4513-984A-16217D37BF4B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9638:-:*:*:*:*:*:*:*", matchCriteriaId: "76F4FC23-534B-449A-8344-1F13AE9C8C57", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9639:-:*:*:*:*:*:*:*", matchCriteriaId: "392C9A58-EAB1-44B5-B189-98C68CC23199", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9650:-:*:*:*:*:*:*:*", matchCriteriaId: "2D0EF507-52A0-45D1-AC26-97F765E691FC", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9652:-:*:*:*:*:*:*:*", matchCriteriaId: "C826242C-440E-4D85-841E-570E9C69777C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9669:-:*:*:*:*:*:*:*", matchCriteriaId: "8531FD76-C0C1-45FE-8FDC-26402FF8BFA5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9686:-:*:*:*:*:*:*:*", matchCriteriaId: "4B429106-36BE-42F2-8D05-FB9EF00BDFBA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9970:-:*:*:*:*:*:*:*", matchCriteriaId: "961C13C3-2C3D-46B1-A618-D45920EC5E95", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9980:-:*:*:*:*:*:*:*", matchCriteriaId: "16B4C37E-B6CA-4176-B98D-E1C9E66472EA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9981:-:*:*:*:*:*:*:*", matchCriteriaId: "62282860-5EAF-45EA-B36E-6B6F124C3096", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In mdlactl driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05776625; Issue ID: ALPS05776625.", }, { lang: "es", value: "En mdlactl driver, se presenta una posible corrupción de memoria debido a un uso de memoria previamente liberadaa. Esto podría conllevar a una escalada de privilegios local con privilegios de ejecución System requeridos. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05776625; ID del Problema: ALPS05776625.", }, ], id: "CVE-2021-0629", lastModified: "2024-11-21T05:43:02.953", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-18T15:15:08.397", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-17 17:15
Modified
2024-11-21 05:43
Severity ?
Summary
In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05664618.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05664618.", }, { lang: "es", value: "En apusys, se presenta una posible corrupción de memoria debido a una falta de comprobación de límites. Esto podría conllevar a una escalada de privilegios local con privilegios de ejecución System requeridos. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05672107; ID de Incidencia: ALPS05664618", }, ], id: "CVE-2021-0901", lastModified: "2024-11-21T05:43:14.363", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-17T17:15:11.537", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-02-03 04:15
Modified
2025-02-04 15:24
Severity ?
6.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.2 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
6.2 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Summary
In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2060.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@mediatek.com | https://corp.mediatek.com/product-security-bulletin/February-2025 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| android | 14.0 | ||
| android | 15.0 | ||
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6771 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8675 | - | |
| mediatek | mt8678 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8771 | - | |
| mediatek | mt8775 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8795t | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - | |
| mediatek | mt8893 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", matchCriteriaId: "8538774C-906D-4B03-A3E7-FA7A55E0DA9E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", matchCriteriaId: "03E6123A-7603-4EAB-AFFB-229E8A040709", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", matchCriteriaId: "152A5F3D-8004-4649-BDB1-E6F0798AF1CB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8771:-:*:*:*:*:*:*:*", matchCriteriaId: "0D09F23D-D023-4A60-B426-61251FDD8A5A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*", matchCriteriaId: "DE5FB550-7264-4879-BAF9-6798949113AF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*", matchCriteriaId: "78D4E9E1-B044-41EC-BE98-22DC0E5E9010", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8893:-:*:*:*:*:*:*:*", matchCriteriaId: "CCFAADB1-C2B2-47A6-BB66-761B964E7DFB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2060.", }, { lang: "es", value: "En DA, existe una posible escritura fuera de los límites debido a un neutra. Esto podría provocar una escalada local de privilegios, si un atacante tiene acceso físico al dispositivo, sin necesidad de privilegios de ejecución adicionales. Se necesita la interacción del usuario para la explotación. ID de parche: ALPS09291146; ID de problema: MSV-2060.", }, ], id: "CVE-2025-20639", lastModified: "2025-02-04T15:24:00.723", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.7, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "LOW", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", version: "3.1", }, exploitabilityScore: 0.7, impactScore: 5.5, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-02-03T04:15:08.980", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/February-2025", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "security@mediatek.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In camsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07326570.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", matchCriteriaId: "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In camsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07326570.", }, { lang: "es", value: "En camsys, existe un posible Use After Free debido a una condición de carrera. Esto podría llevar a una escalada local de privilegios con necesidad de privilegios de ejecución del sistema. No es necesaria la interacción del usuario para la explotación. ID del parche: ALPS07341261; ID de la incidencia: ALPS07326570. ", }, ], id: "CVE-2023-20835", lastModified: "2024-11-21T07:41:39.357", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.5, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.5, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-09-04T03:15:10.183", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-362", }, { lang: "en", value: "CWE-416", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
Summary
In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951413.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt2713 | - | |
| mediatek | mt6580 | - | |
| mediatek | mt6735 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6762 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8797 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*", matchCriteriaId: "C82E144B-0BAD-47E1-A657-3A5880988FE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", matchCriteriaId: "C445EB80-6021-4E26-B74E-1B4B6910CE48", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951413.", }, { lang: "es", value: "En duraspeed, existe una posible divulgación de información debido a la falta de comprobación de permisos. Esto podría conducir a la divulgación de información local sin necesidad de privilegios de ejecución adicionales. No es necesaria la interacción del usuario para su explotación. ID del parche: ALPS07951402; ID de la incidencia: ALPS07951413.", }, ], id: "CVE-2023-20825", lastModified: "2024-11-21T07:41:37.290", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-04T03:15:09.023", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-862", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-06 13:15
Modified
2025-01-07 22:15
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645173.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | iot-yocto | 22.2 | |
| linuxfoundation | yocto | 4.0 | |
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt5696 | - | |
| mediatek | mt5836 | - | |
| mediatek | mt5838 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6769 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6875 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8797 | - | |
| mediatek | mt9000 | - | |
| mediatek | mt9015 | - | |
| mediatek | mt9023 | - | |
| mediatek | mt9025 | - | |
| mediatek | mt9618 | - | |
| mediatek | mt9649 | - | |
| mediatek | mt9653 | - | |
| mediatek | mt9679 | - | |
| mediatek | mt9687 | - | |
| mediatek | mt9689 | - | |
| mediatek | mt9902 | - | |
| mediatek | mt9932 | - | |
| mediatek | mt9952 | - | |
| mediatek | mt9972 | - | |
| mediatek | mt9982 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:iot-yocto:22.2:*:*:*:*:*:*:*", matchCriteriaId: "B20DD930-83A1-4715-AD51-458ECA2578D8", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt5696:-:*:*:*:*:*:*:*", matchCriteriaId: "8A07610A-173B-4DF2-8DAD-D2FF07EB9A17", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt5836:-:*:*:*:*:*:*:*", matchCriteriaId: "222E4ECD-459A-4422-947F-FF26E026BC56", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt5838:-:*:*:*:*:*:*:*", matchCriteriaId: "E72667B1-71C3-4DB5-A5E4-BC8212B1B00B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", matchCriteriaId: "D23991D5-1893-49F4-8A06-D5E66C96C3B3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9000:-:*:*:*:*:*:*:*", matchCriteriaId: "F0200228-E2A8-4DBE-A4DA-7AC7D4B9DE99", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9015:-:*:*:*:*:*:*:*", matchCriteriaId: "354492FD-4052-41F8-805E-55F387AF8F17", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9023:-:*:*:*:*:*:*:*", matchCriteriaId: "591A2A8B-DB5D-42BC-99A6-0D0DAB45C645", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9025:-:*:*:*:*:*:*:*", matchCriteriaId: "A6133E43-E032-4334-88C7-116B27B3090D", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9618:-:*:*:*:*:*:*:*", matchCriteriaId: "311AFBA9-A0AD-4638-ACFF-0D4AC12FA127", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9649:-:*:*:*:*:*:*:*", matchCriteriaId: "C1C6E88C-46DD-45AB-88C1-B69FC0E25056", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9653:-:*:*:*:*:*:*:*", matchCriteriaId: "63BC3AE7-4180-4B8C-AB69-8AC4F502700D", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9679:-:*:*:*:*:*:*:*", matchCriteriaId: "717AE700-78CC-4750-92CB-C9293571EC7D", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9687:-:*:*:*:*:*:*:*", matchCriteriaId: "0BC2011E-7629-477E-A898-9748119F7A23", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9689:-:*:*:*:*:*:*:*", matchCriteriaId: "B84CEB95-BF9E-42E3-90F4-70B1C7EE41A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9902:-:*:*:*:*:*:*:*", matchCriteriaId: "A42C58EE-7A5A-42BE-9C64-1A0F3657AA05", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9932:-:*:*:*:*:*:*:*", matchCriteriaId: "DDB40D8E-E934-47B1-A3A9-102F39C2FF21", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9952:-:*:*:*:*:*:*:*", matchCriteriaId: "0407203F-F9DE-4899-B0E6-226A7E9952CA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9972:-:*:*:*:*:*:*:*", matchCriteriaId: "0C76B993-B660-41EB-A66A-96011A044BF6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9982:-:*:*:*:*:*:*:*", matchCriteriaId: "5F8F0452-97F5-4BC6-AC85-42A24721F7CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645173.", }, ], id: "CVE-2023-20738", lastModified: "2025-01-07T22:15:28.617", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-06-06T13:15:13.430", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-18 15:15
Modified
2024-11-21 05:43
Severity ?
Summary
In asf extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561381.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt5522:-:*:*:*:*:*:*:*", matchCriteriaId: "1C38B265-3EE8-417C-9D59-6182939ED27E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt5527:-:*:*:*:*:*:*:*", matchCriteriaId: "69C04171-DB18-40D7-AFC5-04A869942396", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt5597:-:*:*:*:*:*:*:*", matchCriteriaId: "FC084C16-6693-4FEA-9BDD-B633EAA3E432", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt5598:-:*:*:*:*:*:*:*", matchCriteriaId: "455B256C-83C8-406F-B28F-A4205E7C094E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt5599:-:*:*:*:*:*:*:*", matchCriteriaId: "A4FF926A-2D26-4666-ACA4-474A89243566", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*", matchCriteriaId: "C82E144B-0BAD-47E1-A657-3A5880988FE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*", matchCriteriaId: "4E76B29F-007E-4445-B3F3-3FDC054FEB84", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6750s:-:*:*:*:*:*:*:*", matchCriteriaId: "12A1CB8F-3C1C-4374-8D46-23175D1174DE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*", matchCriteriaId: "7362AED0-47F2-4D48-A292-89F717F0697E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6755s:-:*:*:*:*:*:*:*", matchCriteriaId: "7038AEA0-5BBE-44C9-92DE-96BDE3EEE45B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*", matchCriteriaId: "B4C27948-65A7-4B1E-9F10-6744D176A5C3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757c:-:*:*:*:*:*:*:*", matchCriteriaId: "D808EF4D-0A54-4324-8341-240F7AFABC40", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757cd:-:*:*:*:*:*:*:*", matchCriteriaId: "64EDB89E-8140-4202-97B3-9D7337E90FDE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757ch:-:*:*:*:*:*:*:*", matchCriteriaId: "D2C5CC4F-DA66-4980-A4BB-693987431A38", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", matchCriteriaId: "C445EB80-6021-4E26-B74E-1B4B6910CE48", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", matchCriteriaId: "2F19C76A-50DF-4ACA-BACA-07157B4D838B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8163:-:*:*:*:*:*:*:*", matchCriteriaId: "1D2ED140-C41B-418B-9DC7-8C486304E769", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", matchCriteriaId: "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9256:-:*:*:*:*:*:*:*", matchCriteriaId: "FAC84405-17EE-4C25-8477-317F2A6A095F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9285:-:*:*:*:*:*:*:*", matchCriteriaId: "7A7E7D3C-436A-4068-99F1-AFEB34989F69", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9286:-:*:*:*:*:*:*:*", matchCriteriaId: "4CEEB709-8C7B-48AF-B359-9CE9C68790D5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9288:-:*:*:*:*:*:*:*", matchCriteriaId: "6081A92B-4361-462A-9F7F-570AC7256CDB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9629:-:*:*:*:*:*:*:*", matchCriteriaId: "47E5EE7B-1208-4007-AF87-6DC309FFE312", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9631:-:*:*:*:*:*:*:*", matchCriteriaId: "CA834B63-F689-48BA-84E6-500351990BFD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9632:-:*:*:*:*:*:*:*", matchCriteriaId: "EF1B3B37-22C4-42F4-8264-07512619D706", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9636:-:*:*:*:*:*:*:*", matchCriteriaId: "11B89606-5FD7-4513-984A-16217D37BF4B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9638:-:*:*:*:*:*:*:*", matchCriteriaId: "76F4FC23-534B-449A-8344-1F13AE9C8C57", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9639:-:*:*:*:*:*:*:*", matchCriteriaId: "392C9A58-EAB1-44B5-B189-98C68CC23199", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9650:-:*:*:*:*:*:*:*", matchCriteriaId: "2D0EF507-52A0-45D1-AC26-97F765E691FC", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9652:-:*:*:*:*:*:*:*", matchCriteriaId: "C826242C-440E-4D85-841E-570E9C69777C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9669:-:*:*:*:*:*:*:*", matchCriteriaId: "8531FD76-C0C1-45FE-8FDC-26402FF8BFA5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9670:-:*:*:*:*:*:*:*", matchCriteriaId: "FC3E19E5-4DD7-4ECB-A7AE-F501A152078E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9675:-:*:*:*:*:*:*:*", matchCriteriaId: "046B7E06-8C40-4D37-8D10-4816E51CA143", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9685:-:*:*:*:*:*:*:*", matchCriteriaId: "CFD9AD54-9F0F-414B-8936-3A981657D6AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9686:-:*:*:*:*:*:*:*", matchCriteriaId: "4B429106-36BE-42F2-8D05-FB9EF00BDFBA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9688:-:*:*:*:*:*:*:*", matchCriteriaId: "F7D78E76-6A3B-4736-B7E7-C9032CDA845B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9931:-:*:*:*:*:*:*:*", matchCriteriaId: "DDB4C96A-A50F-4194-BE9C-BF2DFD3DEB3B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9950:-:*:*:*:*:*:*:*", matchCriteriaId: "31E0E580-A76F-4CFA-BFF2-0F7540C63C3C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9970:-:*:*:*:*:*:*:*", matchCriteriaId: "961C13C3-2C3D-46B1-A618-D45920EC5E95", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9980:-:*:*:*:*:*:*:*", matchCriteriaId: "16B4C37E-B6CA-4176-B98D-E1C9E66472EA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9981:-:*:*:*:*:*:*:*", matchCriteriaId: "62282860-5EAF-45EA-B36E-6B6F124C3096", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In asf extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561381.", }, { lang: "es", value: "En asf extractor, se presenta una posible lectura fuera de límites debido a un desbordamiento del búfer de la pila. Esto podría conllevar a una divulgación de información local sin ser necesarios privilegios de ejecución adicionales. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05489178; ID del Problema: ALPS05561381.", }, ], id: "CVE-2021-0620", lastModified: "2024-11-21T05:43:01.937", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-18T15:15:08.100", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-15 22:15
Modified
2025-01-23 22:15
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only); Issue ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 13.0 | ||
| openwrt | openwrt | 19.07.0 | |
| openwrt | openwrt | 21.02.0 | |
| mediatek | mt6835 | - | |
| mediatek | mt6880 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6890 | - | |
| mediatek | mt6980 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6990 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8675 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8797 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", matchCriteriaId: "4FA469E2-9E63-4C9A-8EBA-10C8C870063A", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", matchCriteriaId: "F0133207-2EED-4625-854F-8DB7770D5BF7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", matchCriteriaId: "68CF4A7A-3136-4C4C-A795-81323896BE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", matchCriteriaId: "171D1C08-F055-44C0-913C-AA2B73AF5B72", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", matchCriteriaId: "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", matchCriteriaId: "1A76806D-A4E3-466A-90CB-E9FFE478E7A0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", matchCriteriaId: "03E6123A-7603-4EAB-AFFB-229E8A040709", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only); Issue ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only).", }, ], id: "CVE-2023-20695", lastModified: "2025-01-23T22:15:10.563", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-05-15T22:15:10.523", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-18 15:15
Modified
2024-11-21 05:43
Severity ?
Summary
In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672113; Issue ID: ALPS05672113.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 10.0 | ||
| mediatek | mt6873 | - | |
| mediatek | mt6875 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8797 | - | |
| mediatek | mt9636 | - | |
| mediatek | mt9638 | - | |
| mediatek | mt9639 | - | |
| mediatek | mt9650 | - | |
| mediatek | mt9652 | - | |
| mediatek | mt9669 | - | |
| mediatek | mt9686 | - | |
| mediatek | mt9970 | - | |
| mediatek | mt9980 | - | |
| mediatek | mt9981 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9636:-:*:*:*:*:*:*:*", matchCriteriaId: "11B89606-5FD7-4513-984A-16217D37BF4B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9638:-:*:*:*:*:*:*:*", matchCriteriaId: "76F4FC23-534B-449A-8344-1F13AE9C8C57", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9639:-:*:*:*:*:*:*:*", matchCriteriaId: "392C9A58-EAB1-44B5-B189-98C68CC23199", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9650:-:*:*:*:*:*:*:*", matchCriteriaId: "2D0EF507-52A0-45D1-AC26-97F765E691FC", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9652:-:*:*:*:*:*:*:*", matchCriteriaId: "C826242C-440E-4D85-841E-570E9C69777C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9669:-:*:*:*:*:*:*:*", matchCriteriaId: "8531FD76-C0C1-45FE-8FDC-26402FF8BFA5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9686:-:*:*:*:*:*:*:*", matchCriteriaId: "4B429106-36BE-42F2-8D05-FB9EF00BDFBA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9970:-:*:*:*:*:*:*:*", matchCriteriaId: "961C13C3-2C3D-46B1-A618-D45920EC5E95", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9980:-:*:*:*:*:*:*:*", matchCriteriaId: "16B4C37E-B6CA-4176-B98D-E1C9E66472EA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9981:-:*:*:*:*:*:*:*", matchCriteriaId: "62282860-5EAF-45EA-B36E-6B6F124C3096", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672113; Issue ID: ALPS05672113.", }, { lang: "es", value: "En apusys, se presenta una posible lectura fuera de límites debido a una comprobación de límites incorrecta. Esto podría conllevar a una divulgación de información local con privilegios de ejecución System requeridos. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05672113; ID del Problema: ALPS05672113.", }, ], id: "CVE-2021-0665", lastModified: "2024-11-21T05:43:06.497", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-18T15:15:08.823", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014156.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 2.6 | |
| rdkcentral | rdk-b | 2022q3 | |
| android | 12.0 | ||
| android | 13.0 | ||
| openwrt | openwrt | 19.07.0 | |
| openwrt | openwrt | 21.02.0 | |
| mediatek | mt2713 | - | |
| mediatek | mt2735 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6762 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6769 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6875 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6880 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6890 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6980 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6990 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8781 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:2.6:*:*:*:*:*:*:*", matchCriteriaId: "397C75CA-D217-4617-B8B1-80F74CFB04CE", vulnerable: true, }, { criteria: "cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*", matchCriteriaId: "A1488152-CC93-40DF-8D1F-BF33DC8444FF", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", matchCriteriaId: "4FA469E2-9E63-4C9A-8EBA-10C8C870063A", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", matchCriteriaId: "F0133207-2EED-4625-854F-8DB7770D5BF7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", matchCriteriaId: "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", matchCriteriaId: "C445EB80-6021-4E26-B74E-1B4B6910CE48", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", matchCriteriaId: "D23991D5-1893-49F4-8A06-D5E66C96C3B3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", matchCriteriaId: "68CF4A7A-3136-4C4C-A795-81323896BE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", matchCriteriaId: "171D1C08-F055-44C0-913C-AA2B73AF5B72", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", matchCriteriaId: "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", matchCriteriaId: "1A76806D-A4E3-466A-90CB-E9FFE478E7A0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014156.", }, { lang: "es", value: "En gps, existe una posible escritura fuera de los límites debido a una falta de verificación de los límites. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación.ID de parche: ALPS08014144; ID del problema: ALPS08014156.", }, ], id: "CVE-2023-20830", lastModified: "2024-11-21T07:41:38.323", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-09-04T03:15:09.650", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-02 05:15
Modified
2024-10-27 03:35
Severity ?
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944210; Issue ID: MSV-1561.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@mediatek.com | https://corp.mediatek.com/product-security-bulletin/September-2024 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 2.6 | |
| linuxfoundation | yocto | 3.3 | |
| linuxfoundation | yocto | 4.0 | |
| rdkcentral | rdk-b | 2022q3 | |
| android | 13.0 | ||
| android | 14.0 | ||
| openwrt | openwrt | 19.07.0 | |
| openwrt | openwrt | 21.02 | |
| openwrt | openwrt | 22.03.5 | |
| mediatek | mt6580 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6880 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6890 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6897 | - | |
| mediatek | mt6980 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6989 | - | |
| mediatek | mt6990 | - | |
| mediatek | mt8183 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8390 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8675 | - | |
| mediatek | mt8676 | - | |
| mediatek | mt8678 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:2.6:*:*:*:*:*:*:*", matchCriteriaId: "397C75CA-D217-4617-B8B1-80F74CFB04CE", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*", matchCriteriaId: "2385F2C9-3EA1-424B-AB8D-A672BF1CBE56", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*", matchCriteriaId: "A1488152-CC93-40DF-8D1F-BF33DC8444FF", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:19.07.0:*:*:*:*:*:*:*", matchCriteriaId: "18B405E0-E094-48F4-951B-96132898F72F", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:21.02:*:*:*:*:*:*:*", matchCriteriaId: "7D36D1D8-C428-438F-A773-150B30A8EBFC", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:22.03.5:*:*:*:*:*:*:*", matchCriteriaId: "E4A72088-37C7-4820-B650-440FE4848BDD", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", matchCriteriaId: "68CF4A7A-3136-4C4C-A795-81323896BE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", matchCriteriaId: "171D1C08-F055-44C0-913C-AA2B73AF5B72", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", matchCriteriaId: "2A7D8055-F4B6-41EE-A078-11D56285AB66", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", matchCriteriaId: "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7DE6B2-66D9-4A3E-B15F-D56505559255", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", matchCriteriaId: "1A76806D-A4E3-466A-90CB-E9FFE478E7A0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", matchCriteriaId: "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", matchCriteriaId: "B774B7D7-B7DD-43A0-833F-7E39DF82CA60", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", matchCriteriaId: "03E6123A-7603-4EAB-AFFB-229E8A040709", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*", matchCriteriaId: "EE302F6F-170E-4350-A8F4-65BE0C50CB78", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", matchCriteriaId: "152A5F3D-8004-4649-BDB1-E6F0798AF1CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944210; Issue ID: MSV-1561.", }, { lang: "es", value: "En estado de encendido, es posible que se produzca una lectura fuera de los límites debido a la falta de una comprobación de los límites. Esto podría provocar la divulgación de información local con privilegios de ejecución de System necesarios. No se necesita interacción del usuario para la explotación. ID de parche: ALPS08944210; ID de problema: MSV-1561.", }, ], id: "CVE-2024-20084", lastModified: "2024-10-27T03:35:00.590", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-09-02T05:15:14.797", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "security@mediatek.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-18 15:15
Modified
2024-11-21 05:43
Severity ?
Summary
In ape extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561395; Issue ID: ALPS05561395.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 10.0 | ||
| android | 11.0 | ||
| mediatek | mt6739 | - | |
| mediatek | mt6758 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6762 | - | |
| mediatek | mt6763 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6769 | - | |
| mediatek | mt6771 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6795 | - | |
| mediatek | mt6797 | - | |
| mediatek | mt6799 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6875 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8163 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8183 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8797 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6758:-:*:*:*:*:*:*:*", matchCriteriaId: "B15C285A-0A26-46F7-9D72-CCADC47D93B0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", matchCriteriaId: "C445EB80-6021-4E26-B74E-1B4B6910CE48", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", matchCriteriaId: "2F19C76A-50DF-4ACA-BACA-07157B4D838B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", matchCriteriaId: "D23991D5-1893-49F4-8A06-D5E66C96C3B3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6795:-:*:*:*:*:*:*:*", matchCriteriaId: "809FEAD7-F02B-48A9-B442-28B46C7806C6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6797:-:*:*:*:*:*:*:*", matchCriteriaId: "CE7CC141-E2D6-4F28-B6F0-167E11869CD1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6799:-:*:*:*:*:*:*:*", matchCriteriaId: "FC0CAAE1-2BC9-49CA-AC68-2217A4258BDD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8163:-:*:*:*:*:*:*:*", matchCriteriaId: "1D2ED140-C41B-418B-9DC7-8C486304E769", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", matchCriteriaId: "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In ape extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561395; Issue ID: ALPS05561395.", }, { lang: "es", value: "En ape extractor, se presenta una posible lectura fuera de límites debido a la falta de comprobación de los límites. Esto podría conllevar a una divulgación de información local sin ser necesarios privilegios de ejecución adicionales. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05561395; ID del Problema: ALPS05561395.", }, ], id: "CVE-2021-0619", lastModified: "2024-11-21T05:43:01.807", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-18T15:15:07.603", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-07 04:15
Modified
2024-11-21 07:41
Severity ?
Summary
In apu, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767818; Issue ID: ALPS07767818.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", matchCriteriaId: "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In apu, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767818; Issue ID: ALPS07767818.", }, ], id: "CVE-2023-20793", lastModified: "2024-11-21T07:41:32.183", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-07T04:15:13.323", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-01 03:15
Modified
2025-04-23 13:48
Severity ?
Summary
In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541781; Issue ID: ALPS08541781.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| android | 14.0 | ||
| mediatek | mt6739 | - | |
| mediatek | mt6757 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6763 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6771 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8678 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8796 | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*", matchCriteriaId: "B4C27948-65A7-4B1E-9F10-6744D176A5C3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", matchCriteriaId: "2F19C76A-50DF-4ACA-BACA-07157B4D838B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", matchCriteriaId: "152A5F3D-8004-4649-BDB1-E6F0798AF1CB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*", matchCriteriaId: "DE933AD9-3A6F-421B-8AB3-C45F8DEA9548", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541781; Issue ID: ALPS08541781.", }, { lang: "es", value: "En da, existe una posible escritura fuera de los límites debido a una verificación de los límites faltantes. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS08541784; ID del problema: ALPS08541784.", }, ], id: "CVE-2024-20043", lastModified: "2025-04-23T13:48:11.947", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.7, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-04-01T03:15:08.007", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-04 04:15
Modified
2024-11-21 08:04
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In meta, there is a possible classic buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08000473; Issue ID: ALPS08000473.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8188t | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8390 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8675 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8797 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*", matchCriteriaId: "A4675A09-0147-4690-8AA1-E3802CA1B3EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", matchCriteriaId: "B774B7D7-B7DD-43A0-833F-7E39DF82CA60", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", matchCriteriaId: "03E6123A-7603-4EAB-AFFB-229E8A040709", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In meta, there is a possible classic buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08000473; Issue ID: ALPS08000473.", }, { lang: "es", value: "En meta, existe un posible desbordamiento del búfer clásico debido a una verificación de los límites faltantes. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS08000473; ID del problema: ALPS08000473.", }, ], id: "CVE-2023-32859", lastModified: "2024-11-21T08:04:12.143", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-12-04T04:15:08.240", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-120", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-06 13:15
Modified
2025-01-07 19:15
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In keymange, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07826586; Issue ID: ALPS07826586.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In keymange, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07826586; Issue ID: ALPS07826586.", }, ], id: "CVE-2023-20752", lastModified: "2025-01-07T19:15:29.980", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-06-06T13:15:15.653", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-06 13:15
Modified
2025-01-07 21:15
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519142.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | iot-yocto | 22.2 | |
| linuxfoundation | yocto | 4.0 | |
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt6789 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8797 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:iot-yocto:22.2:*:*:*:*:*:*:*", matchCriteriaId: "B20DD930-83A1-4715-AD51-458ECA2578D8", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519142.", }, ], id: "CVE-2023-20743", lastModified: "2025-01-07T21:15:11.097", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-06-06T13:15:14.163", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-667", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-667", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 08:04
Severity ?
Summary
In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044032.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 13.0 | ||
| mediatek | mt2713 | - | |
| mediatek | mt6580 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6855t | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855t:-:*:*:*:*:*:*:*", matchCriteriaId: "083F6134-FF26-4F1B-9B77-971D342AF774", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044032.", }, { lang: "es", value: "En el servicio gnss, existe una posible lectura fuera de límites debido a una validación de entrada incorrecta. Esto podría conducir a la divulgación de información local con privilegios de ejecución del sistema necesarios. No es necesaria la interacción del usuario para su explotación. ID del parche: ALPS08044040; ID de la incidencia: ALPS08044032. ", }, ], id: "CVE-2023-32816", lastModified: "2024-11-21T08:04:05.470", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-04T03:15:14.220", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 08:04
Severity ?
Summary
In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044035.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 13.0 | ||
| mediatek | mt2713 | - | |
| mediatek | mt6580 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6855t | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855t:-:*:*:*:*:*:*:*", matchCriteriaId: "083F6134-FF26-4F1B-9B77-971D342AF774", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044035.", }, { lang: "es", value: "En el servicio gnss, existe una posible lectura fuera de límites debido a una validación de entrada incorrecta. Esto podría conducir a la divulgación de información local con privilegios de ejecución del sistema necesarios. No es necesaria la interacción del usuario para su explotación. ID del parche: ALPS08044040; ID de la incidencia: ALPS08044035.", }, ], id: "CVE-2023-32817", lastModified: "2024-11-21T08:04:05.610", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-04T03:15:14.277", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-07 04:15
Modified
2024-11-21 07:41
Severity ?
Summary
In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767811; Issue ID: ALPS07767811.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt2713 | - | |
| mediatek | mt6580 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8673 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767811; Issue ID: ALPS07767811.", }, ], id: "CVE-2023-20786", lastModified: "2024-11-21T07:41:31.530", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-07T04:15:12.990", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
Summary
In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951402.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt2713 | - | |
| mediatek | mt6580 | - | |
| mediatek | mt6735 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6762 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8797 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*", matchCriteriaId: "C82E144B-0BAD-47E1-A657-3A5880988FE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", matchCriteriaId: "C445EB80-6021-4E26-B74E-1B4B6910CE48", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951402.", }, { lang: "es", value: "En duraspeed, existe una posible divulgación de información debido a la falta de comprobación de permisos. Esto podría conducir a la divulgación de información local sin necesidad de privilegios de ejecución adicionales. No es necesaria la interacción del usuario para su explotación. ID del parche: ALPS07951402; ID de la incidencia: ALPS07951402.", }, ], id: "CVE-2023-20824", lastModified: "2024-11-21T07:41:37.173", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-04T03:15:08.893", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-862", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-17 17:15
Modified
2024-11-21 05:43
Severity ?
Summary
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05671206.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05671206.", }, { lang: "es", value: "En apusys, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. Esto podría conllevar a una escalada de privilegios local con privilegios de ejecución System requeridos. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05672107; ID de Incidencia: ALPS05671206", }, ], id: "CVE-2021-0896", lastModified: "2024-11-21T05:43:13.843", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-17T17:15:11.283", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 08:04
Severity ?
Summary
In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08031947; Issue ID: ALPS08031947.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 13.0 | ||
| mediatek | mt2713 | - | |
| mediatek | mt2735 | - | |
| mediatek | mt6580 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6855t | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6880 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6890 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6980 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6990 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", matchCriteriaId: "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855t:-:*:*:*:*:*:*:*", matchCriteriaId: "083F6134-FF26-4F1B-9B77-971D342AF774", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", matchCriteriaId: "68CF4A7A-3136-4C4C-A795-81323896BE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", matchCriteriaId: "171D1C08-F055-44C0-913C-AA2B73AF5B72", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", matchCriteriaId: "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", matchCriteriaId: "1A76806D-A4E3-466A-90CB-E9FFE478E7A0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08031947; Issue ID: ALPS08031947.", }, { lang: "es", value: "En el servicio gnss, existe una posible lectura fuera de límites debido a una validación de entrada incorrecta. Esto podría conducir a la divulgación de información local con privilegios de ejecución del sistema necesarios. No es necesaria la interacción del usuario para su explotación. ID del parche: ALPS08031947; ID de la incidencia: ALPS08031947. ", }, ], id: "CVE-2023-32814", lastModified: "2024-11-21T08:04:05.183", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-04T03:15:13.783", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-02 03:15
Modified
2024-11-21 08:04
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In apusys, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07713478; Issue ID: ALPS07713478.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 3.1 | |
| linuxfoundation | yocto | 3.3 | |
| linuxfoundation | yocto | 4.0 | |
| mediatek | iot_yocto | 23.0 | |
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt6879 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6896 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8137 | - | |
| mediatek | mt8139 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8195z | - | |
| mediatek | mt8390 | - | |
| mediatek | mt8395 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:3.1:*:*:*:*:*:*:*", matchCriteriaId: "B2EECB3C-723A-492D-A6D7-6A1A73EDBFDF", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*", matchCriteriaId: "2385F2C9-3EA1-424B-AB8D-A672BF1CBE56", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", matchCriteriaId: "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6896:-:*:*:*:*:*:*:*", matchCriteriaId: "33DEF766-EAF1-4E36-BB7C-43069B26507A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8137:-:*:*:*:*:*:*:*", matchCriteriaId: "E3E832CB-1FEB-4E32-B675-6CC49E4A8024", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8139:-:*:*:*:*:*:*:*", matchCriteriaId: "14C5DB83-B705-4B2C-916E-4B67C0D9FBAB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195z:-:*:*:*:*:*:*:*", matchCriteriaId: "9B3A37B9-F500-4B3C-B77C-B2BD7B015154", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", matchCriteriaId: "B774B7D7-B7DD-43A0-833F-7E39DF82CA60", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In apusys, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07713478; Issue ID: ALPS07713478.", }, { lang: "es", value: "En apusys, existe una posible escritura fuera de límites debido a un desbordamiento de enteros. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS07713478; ID del problema: ALPS07713478.", }, ], id: "CVE-2023-32829", lastModified: "2024-11-21T08:04:07.997", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-10-02T03:15:10.183", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/October-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/October-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-190", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Summary
In imgsys, there is a possible out of bounds read and write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326430; Issue ID: ALPS07326430.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", matchCriteriaId: "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*", matchCriteriaId: "DE093B34-F4CD-4052-8122-730D6537A91A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", matchCriteriaId: "2A7D8055-F4B6-41EE-A078-11D56285AB66", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In imgsys, there is a possible out of bounds read and write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326430; Issue ID: ALPS07326430.", }, { lang: "es", value: "En imgsys, existe una posible lectura y escritura fuera de límites debido a que falta una verificación de rango válido. Esto podría conducir a una escalada local de privilegios con privilegios de ejecución del sistema necesarios. Se necesita la interacción del usuario para la explotación. ID de parche: ALPS07326430; ID del problema: ALPS07326430.", }, ], id: "CVE-2023-20840", lastModified: "2024-11-21T07:41:40.043", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.6, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.6, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-09-04T03:15:10.827", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-01 03:15
Modified
2025-04-23 13:47
Severity ?
Summary
In flashc, there is a possible out of bounds write due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541764.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 3.3 | |
| rdkcentral | rdk-b | 2022q3 | |
| android | 12.0 | ||
| android | 13.0 | ||
| android | 14.0 | ||
| openwrt | openwrt | 19.07.0 | |
| openwrt | openwrt | 21.02.0 | |
| mediatek | mt2713 | - | |
| mediatek | mt2737 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6880 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6890 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6980 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6989 | - | |
| mediatek | mt6990 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8390 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8796 | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*", matchCriteriaId: "2385F2C9-3EA1-424B-AB8D-A672BF1CBE56", vulnerable: true, }, { criteria: "cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*", matchCriteriaId: "A1488152-CC93-40DF-8D1F-BF33DC8444FF", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", matchCriteriaId: "4FA469E2-9E63-4C9A-8EBA-10C8C870063A", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", matchCriteriaId: "F0133207-2EED-4625-854F-8DB7770D5BF7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt2737:-:*:*:*:*:*:*:*", matchCriteriaId: "9C2A1118-B5F7-4EF5-B329-0887B5F3430E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", matchCriteriaId: "68CF4A7A-3136-4C4C-A795-81323896BE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", matchCriteriaId: "171D1C08-F055-44C0-913C-AA2B73AF5B72", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", matchCriteriaId: "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7DE6B2-66D9-4A3E-B15F-D56505559255", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", matchCriteriaId: "1A76806D-A4E3-466A-90CB-E9FFE478E7A0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", matchCriteriaId: "B774B7D7-B7DD-43A0-833F-7E39DF82CA60", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*", matchCriteriaId: "DE933AD9-3A6F-421B-8AB3-C45F8DEA9548", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In flashc, there is a possible out of bounds write due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541764.", }, { lang: "es", value: "En flashc, existe una posible escritura fuera de los límites debido a una excepción no detectada. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS08541757; ID del problema: ALPS08541764.", }, ], id: "CVE-2024-20053", lastModified: "2025-04-23T13:47:12.910", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.5, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-04-01T03:15:08.537", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-02-03 04:15
Modified
2025-04-22 13:50
Severity ?
Summary
In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389046 (Note: For MT79XX chipsets) / ALPS09136501 (Note: For MT2737, MT3603, MT6XXX, and MT8XXX chipsets); Issue ID: MSV-1797.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@mediatek.com | https://corp.mediatek.com/product-security-bulletin/February-2025 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 3.3 | |
| linuxfoundation | yocto | 4.0 | |
| linuxfoundation | yocto | 5.0 | |
| mediatek | software_development_kit | * | |
| android | 13.0 | ||
| android | 14.0 | ||
| android | 15.0 | ||
| openwrt | openwrt | 23.05 | |
| mediatek | mt2737 | - | |
| mediatek | mt3603 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6878 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6897 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6989 | - | |
| mediatek | mt6990 | - | |
| mediatek | mt7902 | - | |
| mediatek | mt7920 | - | |
| mediatek | mt7921 | - | |
| mediatek | mt7922 | - | |
| mediatek | mt7925 | - | |
| mediatek | mt7927 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8370 | - | |
| mediatek | mt8390 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8518s | - | |
| mediatek | mt8532 | - | |
| mediatek | mt8678 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*", matchCriteriaId: "2385F2C9-3EA1-424B-AB8D-A672BF1CBE56", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:yocto:5.0:*:*:*:*:*:*:*", matchCriteriaId: "067BC2E4-D44D-4817-861C-8596A497E183", vulnerable: true, }, { criteria: "cpe:2.3:a:mediatek:software_development_kit:*:*:*:*:*:*:*:*", matchCriteriaId: "478606CD-9678-4C35-A0E4-DC973B04D76A", versionEndIncluding: "3.5", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", matchCriteriaId: "8538774C-906D-4B03-A3E7-FA7A55E0DA9E", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:23.05:*:*:*:*:*:*:*", matchCriteriaId: "AED95D06-8EC6-4070-BE3C-E0F851D7FFC1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2737:-:*:*:*:*:*:*:*", matchCriteriaId: "9C2A1118-B5F7-4EF5-B329-0887B5F3430E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt3603:-:*:*:*:*:*:*:*", matchCriteriaId: "BE21866A-505E-4526-A346-60C97DCE080B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*", matchCriteriaId: "855A8046-34ED-4891-ACE5-76AB10AC8D53", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", matchCriteriaId: "2A7D8055-F4B6-41EE-A078-11D56285AB66", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7DE6B2-66D9-4A3E-B15F-D56505559255", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", matchCriteriaId: "1A76806D-A4E3-466A-90CB-E9FFE478E7A0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7902:-:*:*:*:*:*:*:*", matchCriteriaId: "91DEA745-47A8-43F1-A1B2-F53F651A99EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7920:-:*:*:*:*:*:*:*", matchCriteriaId: "140DAC08-96E9-47D3-BC2E-65E999DCFD50", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7921:-:*:*:*:*:*:*:*", matchCriteriaId: "32AFEA0A-FFE2-4EA9-8B51-7E3E75DE65CC", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7922:-:*:*:*:*:*:*:*", matchCriteriaId: "EA2A6813-7138-441E-A9E4-FF62FCBD797A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7925:-:*:*:*:*:*:*:*", matchCriteriaId: "27CFC9DF-2F4C-469A-8A19-A260B1134CFE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7927:-:*:*:*:*:*:*:*", matchCriteriaId: "05525018-AFE0-415C-A71C-A77922C7D637", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2B6BB9-7544-41A7-BF3A-344AA4CC4B31", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", matchCriteriaId: "B774B7D7-B7DD-43A0-833F-7E39DF82CA60", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8518s:-:*:*:*:*:*:*:*", matchCriteriaId: "6069CD03-6AB1-4A06-88CF-EFBDEA84CDE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:*", matchCriteriaId: "EE18D5C2-0423-4CE5-86E7-69E7BB131BBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", matchCriteriaId: "152A5F3D-8004-4649-BDB1-E6F0798AF1CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389046 (Note: For MT79XX chipsets) / ALPS09136501 (Note: For MT2737, MT3603, MT6XXX, and MT8XXX chipsets); Issue ID: MSV-1797.", }, { lang: "es", value: "En Bluetooth FW, existe una posible afirmación de accesibilidad debido a una gestión inadecuada de excepciones. Esto podría provocar una denegación de servicio remota sin necesidad de privilegios de ejecución adicionales. No se necesita interacción del usuario para la explotación. ID de parche: WCNCR00389046 (Nota: para conjuntos de chips MT79XX) / ALPS09136501 (Nota: para conjuntos de chips MT2737, MT3603, MT6XXX y MT8XXX); ID de problema: MSV-1797.", }, ], id: "CVE-2024-20147", lastModified: "2025-04-22T13:50:37.573", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-02-03T04:15:07.927", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/February-2025", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-617", }, ], source: "security@mediatek.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-617", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
Summary
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340119; Issue ID: ALPS07340119.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", matchCriteriaId: "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*", matchCriteriaId: "DE093B34-F4CD-4052-8122-730D6537A91A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", matchCriteriaId: "2A7D8055-F4B6-41EE-A078-11D56285AB66", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340119; Issue ID: ALPS07340119.", }, { lang: "es", value: "En imgsys_cmdq, existe una posible lectura fuera de los límites debido a la falta de comprobación de rango válido. Esto podría conducir a la divulgación de información local con privilegios de ejecución del sistema necesarios. Se necesita la interacción del usuario para su explotación. ID del parche: ALPS07340119; ID de la incidencia: ALPS07340119. ", }, ], id: "CVE-2023-20843", lastModified: "2024-11-21T07:41:40.583", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.6, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-04T03:15:11.343", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-01 03:15
Modified
2025-04-23 13:46
Severity ?
Summary
In imgsys, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation Patch ID: ALPS08518692; Issue ID: MSV-1012.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 4.0 | |
| mediatek | iot_yocto | 23.2 | |
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt2713 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8370 | - | |
| mediatek | mt8390 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8696 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8795t | - | |
| mediatek | mt8798 | - | |
| mediatek | mt8871 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:a:mediatek:iot_yocto:23.2:*:*:*:*:*:*:*", matchCriteriaId: "FC6EF24A-37C2-4BFD-BF05-79089E74910C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2B6BB9-7544-41A7-BF3A-344AA4CC4B31", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", matchCriteriaId: "B774B7D7-B7DD-43A0-833F-7E39DF82CA60", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8696:-:*:*:*:*:*:*:*", matchCriteriaId: "26573298-76BC-49FE-8D99-CF03ED01B185", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*", matchCriteriaId: "78D4E9E1-B044-41EC-BE98-22DC0E5E9010", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8871:-:*:*:*:*:*:*:*", matchCriteriaId: "E1F80793-01B7-403A-A5F4-031F82FAC77A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In imgsys, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation Patch ID: ALPS08518692; Issue ID: MSV-1012.", }, { lang: "es", value: "En imgsys, existe una posible divulgación de información debido a una verificación de los límites faltantes. Esto podría conducir a la divulgación de información local con privilegios de ejecución de System necesarios. Se necesita la interacción del usuario para la explotación ID del parche: ALPS08518692; ID del problema: MSV-1012.", }, ], id: "CVE-2024-20055", lastModified: "2025-04-23T13:46:52.570", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.2, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-04-01T03:15:08.640", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-04 02:15
Modified
2024-11-21 07:41
Severity ?
Summary
In apu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629578; Issue ID: ALPS07629578.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In apu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629578; Issue ID: ALPS07629578.", }, ], id: "CVE-2023-20760", lastModified: "2024-11-21T07:41:29.560", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-04T02:15:10.180", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/July-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/July-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-02-03 04:15
Modified
2025-02-04 15:22
Severity ?
4.3 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.2 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
6.2 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Summary
In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2059.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@mediatek.com | https://corp.mediatek.com/product-security-bulletin/February-2025 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| android | 14.0 | ||
| android | 15.0 | ||
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6771 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8675 | - | |
| mediatek | mt8678 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8771 | - | |
| mediatek | mt8775 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8795t | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - | |
| mediatek | mt8893 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", matchCriteriaId: "8538774C-906D-4B03-A3E7-FA7A55E0DA9E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", matchCriteriaId: "03E6123A-7603-4EAB-AFFB-229E8A040709", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", matchCriteriaId: "152A5F3D-8004-4649-BDB1-E6F0798AF1CB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8771:-:*:*:*:*:*:*:*", matchCriteriaId: "0D09F23D-D023-4A60-B426-61251FDD8A5A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*", matchCriteriaId: "DE5FB550-7264-4879-BAF9-6798949113AF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*", matchCriteriaId: "78D4E9E1-B044-41EC-BE98-22DC0E5E9010", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8893:-:*:*:*:*:*:*:*", matchCriteriaId: "CCFAADB1-C2B2-47A6-BB66-761B964E7DFB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2059.", }, { lang: "es", value: "En DA, existe una posible lectura fuera de los límites debido a un neutra. Esto podría provocar la divulgación de información local, si un atacante tiene acceso físico al dispositivo, sin necesidad de privilegios de ejecución adicionales. Se necesita la interacción del usuario para la explotación. ID de parche: ALPS09291146; ID de problema: MSV-2059.", }, ], id: "CVE-2025-20640", lastModified: "2025-02-04T15:22:56.603", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.7, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "LOW", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", version: "3.1", }, exploitabilityScore: 0.7, impactScore: 5.5, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-02-03T04:15:09.093", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/February-2025", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "security@mediatek.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-07 04:15
Modified
2024-11-21 07:41
Severity ?
Summary
In imgsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420968.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In imgsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420968.", }, ], id: "CVE-2023-20801", lastModified: "2024-11-21T07:41:33.090", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.5, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-07T04:15:13.730", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-17 17:15
Modified
2024-11-21 05:43
Severity ?
Summary
In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672059.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672059.", }, { lang: "es", value: "En apusys, se presenta una posible corrupción de memoria debido a un uso de memoria previamente liberada. Esto podría conllevar a una escalada de privilegios local con privilegios de ejecución System requeridos. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05672107; ID de Incidencia: ALPS05672059", }, ], id: "CVE-2021-0899", lastModified: "2024-11-21T05:43:14.160", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-17T17:15:11.437", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-06 13:15
Modified
2025-01-07 21:15
Severity ?
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573603; Issue ID: ALPS07573603.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 3.1 | |
| linuxfoundation | yocto | 3.3 | |
| linuxfoundation | yocto | 4.0 | |
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt6781 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt7663 | - | |
| mediatek | mt7668 | - | |
| mediatek | mt7902 | - | |
| mediatek | mt7921 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8518 | - | |
| mediatek | mt8532 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8675 | - | |
| mediatek | mt8695 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8797 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:3.1:*:*:*:*:*:*:*", matchCriteriaId: "B2EECB3C-723A-492D-A6D7-6A1A73EDBFDF", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*", matchCriteriaId: "2385F2C9-3EA1-424B-AB8D-A672BF1CBE56", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7663:-:*:*:*:*:*:*:*", matchCriteriaId: "10C79211-F064-499D-914E-0BACD038FBF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7668:-:*:*:*:*:*:*:*", matchCriteriaId: "8E400AB9-B82A-4449-8789-35112940270F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7902:-:*:*:*:*:*:*:*", matchCriteriaId: "91DEA745-47A8-43F1-A1B2-F53F651A99EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7921:-:*:*:*:*:*:*:*", matchCriteriaId: "32AFEA0A-FFE2-4EA9-8B51-7E3E75DE65CC", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8518:-:*:*:*:*:*:*:*", matchCriteriaId: "EE5E73E0-EF8D-4659-B447-66474BC05708", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:*", matchCriteriaId: "EE18D5C2-0423-4CE5-86E7-69E7BB131BBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", matchCriteriaId: "03E6123A-7603-4EAB-AFFB-229E8A040709", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8695:-:*:*:*:*:*:*:*", matchCriteriaId: "B5126E05-25DC-4EF7-8DDE-BBA38A7547FB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573603; Issue ID: ALPS07573603.", }, ], id: "CVE-2023-20728", lastModified: "2025-01-07T21:15:10.397", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-06-06T13:15:12.070", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In netdagent, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944012; Issue ID: ALPS07944012.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195z:-:*:*:*:*:*:*:*", matchCriteriaId: "9B3A37B9-F500-4B3C-B77C-B2BD7B015154", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In netdagent, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944012; Issue ID: ALPS07944012.", }, { lang: "es", value: "En netdagent, existe una posible divulgación de información debido a una comprobación de límites omitida. Esto podría conducir a la divulgación de información local con privilegios de ejecución del sistema necesarios. No es necesaria la interacción del usuario para su explotación. ID del parche: ALPS07944012; ID de la incidencia: ALPS07944012.", }, ], id: "CVE-2023-20822", lastModified: "2024-11-21T07:41:36.873", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-09-04T03:15:08.647", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-02 03:15
Modified
2024-11-21 08:04
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In ftm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07994229; Issue ID: ALPS07994229.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt2713 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6762 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6769 | - | |
| mediatek | mt6771 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8390 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", matchCriteriaId: "C445EB80-6021-4E26-B74E-1B4B6910CE48", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", matchCriteriaId: "D23991D5-1893-49F4-8A06-D5E66C96C3B3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", matchCriteriaId: "B774B7D7-B7DD-43A0-833F-7E39DF82CA60", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In ftm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07994229; Issue ID: ALPS07994229.", }, { lang: "es", value: "En ftm, existe una posible escritura fuera de límites debido a una verificación de límites faltantes. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS07994229; ID del problema: ALPS07994229.", }, ], id: "CVE-2023-32822", lastModified: "2024-11-21T08:04:06.523", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-10-02T03:15:09.917", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/October-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/October-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-18 15:15
Modified
2024-11-21 05:43
Severity ?
Summary
In apusys, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672103; Issue ID: ALPS05672103.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In apusys, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672103; Issue ID: ALPS05672103.", }, { lang: "es", value: "En apusys, se presenta una posible escritura fuera de límites debido a un desbordamiento del búfer en la región stack de la memoria. Esto podría conllevar a una escalada de privilegios local con privilegios de ejecución System requeridos. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05672103; ID del Problema: ALPS05672103.", }, ], id: "CVE-2021-0657", lastModified: "2024-11-21T05:43:05.653", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-18T15:15:08.583", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-04 04:15
Modified
2024-11-21 08:04
Severity ?
Summary
In display, there is a possible out of bounds read due to an incorrect status check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705; Issue ID: ALPS07993710.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In display, there is a possible out of bounds read due to an incorrect status check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705; Issue ID: ALPS07993710.", }, { lang: "es", value: "En display, hay una posible lectura fuera de los límites debido a una verificación de estado incorrecta. Esto podría conducir a la divulgación de información local con privilegios de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS07993705; ID del problema: ALPS07993710.", }, ], id: "CVE-2023-32857", lastModified: "2024-11-21T08:04:11.927", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-04T04:15:08.140", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-17 17:15
Modified
2024-11-21 05:43
Severity ?
Summary
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05670549.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05670549.", }, { lang: "es", value: "En apusys, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. Esto podría conllevar a una escalada de privilegios local con privilegios de ejecución System requeridos. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05672107; ID de Incidencia: ALPS05670549", }, ], id: "CVE-2021-0897", lastModified: "2024-11-21T05:43:13.943", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-17T17:15:11.337", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-367", }, { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-17 17:15
Modified
2024-11-21 05:43
Severity ?
Summary
In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672055.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672055.", }, { lang: "es", value: "En apusys, se presenta una posible lectura fuera de límites debido a una comprobación de límites incorrecta. Esto podría conllevar a una divulgación de información local con privilegios de ejecución System requeridos. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05672107; ID de Incidencia: ALPS05672055", }, ], id: "CVE-2021-0900", lastModified: "2024-11-21T05:43:14.263", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-17T17:15:11.487", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-03-04 03:15
Modified
2025-04-22 20:23
Severity ?
Summary
In pq, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495932; Issue ID: ALPS08495932.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| android | 14.0 | ||
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6897 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6989 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8675 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", matchCriteriaId: "2A7D8055-F4B6-41EE-A078-11D56285AB66", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7DE6B2-66D9-4A3E-B15F-D56505559255", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", matchCriteriaId: "03E6123A-7603-4EAB-AFFB-229E8A040709", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In pq, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495932; Issue ID: ALPS08495932.", }, { lang: "es", value: "En pq, existe una posible lectura fuera de los límites debido a una verificación de los límites incorrecta. Esto podría conducir a la divulgación de información local con privilegios de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS08495932; ID del problema: ALPS08495932.", }, ], id: "CVE-2024-20038", lastModified: "2025-04-22T20:23:48.507", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.4, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 2.5, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-03-04T03:15:07.800", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/March-2024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/March-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-06 13:15
Modified
2025-01-08 15:15
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645178.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | iot-yocto | 22.2 | |
| linuxfoundation | yocto | 4.0 | |
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt5696 | - | |
| mediatek | mt5836 | - | |
| mediatek | mt5838 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6769 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6875 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8797 | - | |
| mediatek | mt9000 | - | |
| mediatek | mt9015 | - | |
| mediatek | mt9023 | - | |
| mediatek | mt9025 | - | |
| mediatek | mt9618 | - | |
| mediatek | mt9649 | - | |
| mediatek | mt9653 | - | |
| mediatek | mt9679 | - | |
| mediatek | mt9687 | - | |
| mediatek | mt9689 | - | |
| mediatek | mt9902 | - | |
| mediatek | mt9932 | - | |
| mediatek | mt9952 | - | |
| mediatek | mt9972 | - | |
| mediatek | mt9982 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:iot-yocto:22.2:*:*:*:*:*:*:*", matchCriteriaId: "B20DD930-83A1-4715-AD51-458ECA2578D8", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt5696:-:*:*:*:*:*:*:*", matchCriteriaId: "8A07610A-173B-4DF2-8DAD-D2FF07EB9A17", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt5836:-:*:*:*:*:*:*:*", matchCriteriaId: "222E4ECD-459A-4422-947F-FF26E026BC56", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt5838:-:*:*:*:*:*:*:*", matchCriteriaId: "E72667B1-71C3-4DB5-A5E4-BC8212B1B00B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", matchCriteriaId: "D23991D5-1893-49F4-8A06-D5E66C96C3B3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9000:-:*:*:*:*:*:*:*", matchCriteriaId: "F0200228-E2A8-4DBE-A4DA-7AC7D4B9DE99", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9015:-:*:*:*:*:*:*:*", matchCriteriaId: "354492FD-4052-41F8-805E-55F387AF8F17", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9023:-:*:*:*:*:*:*:*", matchCriteriaId: "591A2A8B-DB5D-42BC-99A6-0D0DAB45C645", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9025:-:*:*:*:*:*:*:*", matchCriteriaId: "A6133E43-E032-4334-88C7-116B27B3090D", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9618:-:*:*:*:*:*:*:*", matchCriteriaId: "311AFBA9-A0AD-4638-ACFF-0D4AC12FA127", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9649:-:*:*:*:*:*:*:*", matchCriteriaId: "C1C6E88C-46DD-45AB-88C1-B69FC0E25056", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9653:-:*:*:*:*:*:*:*", matchCriteriaId: "63BC3AE7-4180-4B8C-AB69-8AC4F502700D", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9679:-:*:*:*:*:*:*:*", matchCriteriaId: "717AE700-78CC-4750-92CB-C9293571EC7D", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9687:-:*:*:*:*:*:*:*", matchCriteriaId: "0BC2011E-7629-477E-A898-9748119F7A23", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9689:-:*:*:*:*:*:*:*", matchCriteriaId: "B84CEB95-BF9E-42E3-90F4-70B1C7EE41A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9902:-:*:*:*:*:*:*:*", matchCriteriaId: "A42C58EE-7A5A-42BE-9C64-1A0F3657AA05", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9932:-:*:*:*:*:*:*:*", matchCriteriaId: "DDB40D8E-E934-47B1-A3A9-102F39C2FF21", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9952:-:*:*:*:*:*:*:*", matchCriteriaId: "0407203F-F9DE-4899-B0E6-226A7E9952CA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9972:-:*:*:*:*:*:*:*", matchCriteriaId: "0C76B993-B660-41EB-A66A-96011A044BF6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9982:-:*:*:*:*:*:*:*", matchCriteriaId: "5F8F0452-97F5-4BC6-AC85-42A24721F7CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645178.", }, ], id: "CVE-2023-20735", lastModified: "2025-01-08T15:15:11.980", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-06-06T13:15:12.910", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-07 04:15
Modified
2024-11-21 07:41
Severity ?
Summary
In pda, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07147572; Issue ID: ALPS07421076.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In pda, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07147572; Issue ID: ALPS07421076.", }, ], id: "CVE-2023-20798", lastModified: "2024-11-21T07:41:32.843", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-07T04:15:13.603", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-131", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-03-04 03:15
Modified
2025-03-28 20:15
Severity ?
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
In OPTEE, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08522504; Issue ID: ALPS08522504.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*", matchCriteriaId: "08A26AC2-409E-499A-B0D5-8C2B5038947D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt2715:-:*:*:*:*:*:*:*", matchCriteriaId: "FA252F20-1BB7-4654-972C-F257F37396A7", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", matchCriteriaId: "B774B7D7-B7DD-43A0-833F-7E39DF82CA60", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In OPTEE, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08522504; Issue ID: ALPS08522504.", }, { lang: "es", value: "En OPTEE, existe una posible escritura fuera de los límites debido a una verificación de los límites incorrecta. Esto podría conducir a la divulgación de información local con privilegios de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS08522504; ID del problema: ALPS08522504.", }, ], id: "CVE-2024-20020", lastModified: "2025-03-28T20:15:20.563", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-03-04T03:15:07.107", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/March-2024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/March-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-15 22:15
Modified
2025-01-24 20:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767870; Issue ID: ALPS07767870.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", matchCriteriaId: "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767870; Issue ID: ALPS07767870.", }, ], id: "CVE-2023-20705", lastModified: "2025-01-24T20:15:27.760", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-05-15T22:15:10.910", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-1284", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-01-04 16:15
Modified
2024-11-21 06:41
Severity ?
Summary
In Bluetooth, there is a possible application crash due to bluetooth flooding a device with LMP_AU_rand packet. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198608; Issue ID: ALPS06198608.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6630:-:*:*:*:*:*:*:*", matchCriteriaId: "CCC85BBB-5985-41A1-B19F-1C580C367B64", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*", matchCriteriaId: "C82E144B-0BAD-47E1-A657-3A5880988FE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*", matchCriteriaId: "4E76B29F-007E-4445-B3F3-3FDC054FEB84", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6750s:-:*:*:*:*:*:*:*", matchCriteriaId: "12A1CB8F-3C1C-4374-8D46-23175D1174DE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*", matchCriteriaId: "7362AED0-47F2-4D48-A292-89F717F0697E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6755s:-:*:*:*:*:*:*:*", matchCriteriaId: "7038AEA0-5BBE-44C9-92DE-96BDE3EEE45B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*", matchCriteriaId: "B4C27948-65A7-4B1E-9F10-6744D176A5C3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757c:-:*:*:*:*:*:*:*", matchCriteriaId: "D808EF4D-0A54-4324-8341-240F7AFABC40", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757cd:-:*:*:*:*:*:*:*", matchCriteriaId: "64EDB89E-8140-4202-97B3-9D7337E90FDE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757ch:-:*:*:*:*:*:*:*", matchCriteriaId: "D2C5CC4F-DA66-4980-A4BB-693987431A38", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", matchCriteriaId: "C445EB80-6021-4E26-B74E-1B4B6910CE48", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", matchCriteriaId: "2F19C76A-50DF-4ACA-BACA-07157B4D838B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7662t:-:*:*:*:*:*:*:*", matchCriteriaId: "3331F3A6-E176-4EA5-B253-D5B03945C2B6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7663:-:*:*:*:*:*:*:*", matchCriteriaId: "10C79211-F064-499D-914E-0BACD038FBF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7668:-:*:*:*:*:*:*:*", matchCriteriaId: "8E400AB9-B82A-4449-8789-35112940270F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7915:-:*:*:*:*:*:*:*", matchCriteriaId: "3AB22996-9C22-4B6C-9E94-E4C055D16335", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7920:-:*:*:*:*:*:*:*", matchCriteriaId: "140DAC08-96E9-47D3-BC2E-65E999DCFD50", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7921:-:*:*:*:*:*:*:*", matchCriteriaId: "32AFEA0A-FFE2-4EA9-8B51-7E3E75DE65CC", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7922:-:*:*:*:*:*:*:*", matchCriteriaId: "EA2A6813-7138-441E-A9E4-FF62FCBD797A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8163:-:*:*:*:*:*:*:*", matchCriteriaId: "1D2ED140-C41B-418B-9DC7-8C486304E769", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", matchCriteriaId: "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362b:-:*:*:*:*:*:*:*", matchCriteriaId: "739BE124-C307-41B2-8E92-C223FE67F88A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Bluetooth, there is a possible application crash due to bluetooth flooding a device with LMP_AU_rand packet. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198608; Issue ID: ALPS06198608.", }, { lang: "es", value: "En Bluetooth, se presenta un posible bloqueo de la aplicación debido a que bluetooth inunda un dispositivo con el paquete LMP_AU_rand. Esto podría conllevar a una denegación de servicio remota de bluetooth sin ser necesarios privilegios de ejecución adicionales. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS06198608; ID de Incidencia: ALPS06198608", }, ], id: "CVE-2022-20023", lastModified: "2024-11-21T06:41:58.170", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 3.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-01-04T16:15:10.703", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/January-2022", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/January-2022", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-772", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-07 04:15
Modified
2024-11-21 07:41
Severity ?
Summary
In hcp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07537437.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In hcp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07537437.", }, ], id: "CVE-2023-20806", lastModified: "2024-11-21T07:41:33.973", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-07T04:15:14.060", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-07 04:15
Modified
2024-11-21 07:41
Severity ?
Summary
In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07740194; Issue ID: ALPS07740194.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:2.6:*:*:*:*:*:*:*", matchCriteriaId: "397C75CA-D217-4617-B8B1-80F74CFB04CE", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*", matchCriteriaId: "2385F2C9-3EA1-424B-AB8D-A672BF1CBE56", vulnerable: true, }, { criteria: "cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*", matchCriteriaId: "A1488152-CC93-40DF-8D1F-BF33DC8444FF", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", matchCriteriaId: "4FA469E2-9E63-4C9A-8EBA-10C8C870063A", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", matchCriteriaId: "F0133207-2EED-4625-854F-8DB7770D5BF7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", matchCriteriaId: "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt2737:-:*:*:*:*:*:*:*", matchCriteriaId: "9C2A1118-B5F7-4EF5-B329-0887B5F3430E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", matchCriteriaId: "C445EB80-6021-4E26-B74E-1B4B6910CE48", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", matchCriteriaId: "2F19C76A-50DF-4ACA-BACA-07157B4D838B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", matchCriteriaId: "D23991D5-1893-49F4-8A06-D5E66C96C3B3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", matchCriteriaId: "68CF4A7A-3136-4C4C-A795-81323896BE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", matchCriteriaId: "171D1C08-F055-44C0-913C-AA2B73AF5B72", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", matchCriteriaId: "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", matchCriteriaId: "1A76806D-A4E3-466A-90CB-E9FFE478E7A0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", matchCriteriaId: "03E6123A-7603-4EAB-AFFB-229E8A040709", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07740194; Issue ID: ALPS07740194.", }, ], id: "CVE-2023-20790", lastModified: "2024-11-21T07:41:32.050", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-07T04:15:13.263", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-11-06 04:15
Modified
2024-11-21 08:04
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262576; Issue ID: ALPS07262576.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262576; Issue ID: ALPS07262576.", }, { lang: "es", value: "En dpe, existe una posible escritura fuera de los límites debido a que falta una verificación de rango válido. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS07262576; ID del problema: ALPS07262576.", }, ], id: "CVE-2023-32839", lastModified: "2024-11-21T08:04:09.410", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-11-06T04:15:08.053", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-02-03 04:15
Modified
2025-02-03 19:37
Severity ?
6.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291402; Issue ID: MSV-2073.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@mediatek.com | https://corp.mediatek.com/product-security-bulletin/February-2025 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| android | 14.0 | ||
| android | 15.0 | ||
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6771 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8675 | - | |
| mediatek | mt8678 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8771 | - | |
| mediatek | mt8775 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8795t | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - | |
| mediatek | mt8893 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", matchCriteriaId: "8538774C-906D-4B03-A3E7-FA7A55E0DA9E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", matchCriteriaId: "03E6123A-7603-4EAB-AFFB-229E8A040709", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", matchCriteriaId: "152A5F3D-8004-4649-BDB1-E6F0798AF1CB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8771:-:*:*:*:*:*:*:*", matchCriteriaId: "0D09F23D-D023-4A60-B426-61251FDD8A5A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*", matchCriteriaId: "DE5FB550-7264-4879-BAF9-6798949113AF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*", matchCriteriaId: "78D4E9E1-B044-41EC-BE98-22DC0E5E9010", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8893:-:*:*:*:*:*:*:*", matchCriteriaId: "CCFAADB1-C2B2-47A6-BB66-761B964E7DFB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291402; Issue ID: MSV-2073.", }, { lang: "es", value: "En V5 DA, existe una posible escritura fuera de los límites debido a un neutra. Esto podría provocar una escalada local de privilegios, si un atacante tiene acceso físico al dispositivo, sin necesidad de privilegios de ejecución adicionales. Se necesita la interacción del usuario para la explotación. ID de parche: ALPS09291402; ID de problema: MSV-2073.", }, ], id: "CVE-2024-20141", lastModified: "2025-02-03T19:37:54.117", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.7, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-02-03T04:15:07.660", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/February-2025", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-123", }, ], source: "security@mediatek.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-04 04:15
Modified
2024-11-21 08:04
Severity ?
Summary
In display, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08059081; Issue ID: ALPS08059081.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8673 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In display, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08059081; Issue ID: ALPS08059081.", }, { lang: "es", value: "En display, hay una posible lectura fuera de los límites debido a una verificación de los límites incorrecta. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS08059081; ID del problema: ALPS08059081.", }, ], id: "CVE-2023-32861", lastModified: "2024-11-21T08:04:12.480", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-04T04:15:08.353", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-18 15:15
Modified
2024-11-21 05:43
Severity ?
Summary
In asf extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05585817.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt5522:-:*:*:*:*:*:*:*", matchCriteriaId: "1C38B265-3EE8-417C-9D59-6182939ED27E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt5527:-:*:*:*:*:*:*:*", matchCriteriaId: "69C04171-DB18-40D7-AFC5-04A869942396", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt5597:-:*:*:*:*:*:*:*", matchCriteriaId: "FC084C16-6693-4FEA-9BDD-B633EAA3E432", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt5598:-:*:*:*:*:*:*:*", matchCriteriaId: "455B256C-83C8-406F-B28F-A4205E7C094E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt5599:-:*:*:*:*:*:*:*", matchCriteriaId: "A4FF926A-2D26-4666-ACA4-474A89243566", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*", matchCriteriaId: "C82E144B-0BAD-47E1-A657-3A5880988FE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*", matchCriteriaId: "4E76B29F-007E-4445-B3F3-3FDC054FEB84", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6750s:-:*:*:*:*:*:*:*", matchCriteriaId: "12A1CB8F-3C1C-4374-8D46-23175D1174DE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*", matchCriteriaId: "7362AED0-47F2-4D48-A292-89F717F0697E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6755s:-:*:*:*:*:*:*:*", matchCriteriaId: "7038AEA0-5BBE-44C9-92DE-96BDE3EEE45B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*", matchCriteriaId: "B4C27948-65A7-4B1E-9F10-6744D176A5C3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757c:-:*:*:*:*:*:*:*", matchCriteriaId: "D808EF4D-0A54-4324-8341-240F7AFABC40", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757cd:-:*:*:*:*:*:*:*", matchCriteriaId: "64EDB89E-8140-4202-97B3-9D7337E90FDE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757ch:-:*:*:*:*:*:*:*", matchCriteriaId: "D2C5CC4F-DA66-4980-A4BB-693987431A38", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", matchCriteriaId: "C445EB80-6021-4E26-B74E-1B4B6910CE48", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", matchCriteriaId: "2F19C76A-50DF-4ACA-BACA-07157B4D838B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8163:-:*:*:*:*:*:*:*", matchCriteriaId: "1D2ED140-C41B-418B-9DC7-8C486304E769", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", matchCriteriaId: "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8186:-:*:*:*:*:*:*:*", matchCriteriaId: "E4932D34-06F4-49D7-81FB-772A82E8A5B5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9256:-:*:*:*:*:*:*:*", matchCriteriaId: "FAC84405-17EE-4C25-8477-317F2A6A095F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9285:-:*:*:*:*:*:*:*", matchCriteriaId: "7A7E7D3C-436A-4068-99F1-AFEB34989F69", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9286:-:*:*:*:*:*:*:*", matchCriteriaId: "4CEEB709-8C7B-48AF-B359-9CE9C68790D5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9288:-:*:*:*:*:*:*:*", matchCriteriaId: "6081A92B-4361-462A-9F7F-570AC7256CDB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9629:-:*:*:*:*:*:*:*", matchCriteriaId: "47E5EE7B-1208-4007-AF87-6DC309FFE312", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9631:-:*:*:*:*:*:*:*", matchCriteriaId: "CA834B63-F689-48BA-84E6-500351990BFD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9632:-:*:*:*:*:*:*:*", matchCriteriaId: "EF1B3B37-22C4-42F4-8264-07512619D706", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9636:-:*:*:*:*:*:*:*", matchCriteriaId: "11B89606-5FD7-4513-984A-16217D37BF4B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9638:-:*:*:*:*:*:*:*", matchCriteriaId: "76F4FC23-534B-449A-8344-1F13AE9C8C57", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9639:-:*:*:*:*:*:*:*", matchCriteriaId: "392C9A58-EAB1-44B5-B189-98C68CC23199", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9650:-:*:*:*:*:*:*:*", matchCriteriaId: "2D0EF507-52A0-45D1-AC26-97F765E691FC", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9652:-:*:*:*:*:*:*:*", matchCriteriaId: "C826242C-440E-4D85-841E-570E9C69777C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9669:-:*:*:*:*:*:*:*", matchCriteriaId: "8531FD76-C0C1-45FE-8FDC-26402FF8BFA5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9670:-:*:*:*:*:*:*:*", matchCriteriaId: "FC3E19E5-4DD7-4ECB-A7AE-F501A152078E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9675:-:*:*:*:*:*:*:*", matchCriteriaId: "046B7E06-8C40-4D37-8D10-4816E51CA143", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9685:-:*:*:*:*:*:*:*", matchCriteriaId: "CFD9AD54-9F0F-414B-8936-3A981657D6AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9686:-:*:*:*:*:*:*:*", matchCriteriaId: "4B429106-36BE-42F2-8D05-FB9EF00BDFBA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9688:-:*:*:*:*:*:*:*", matchCriteriaId: "F7D78E76-6A3B-4736-B7E7-C9032CDA845B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9931:-:*:*:*:*:*:*:*", matchCriteriaId: "DDB4C96A-A50F-4194-BE9C-BF2DFD3DEB3B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9950:-:*:*:*:*:*:*:*", matchCriteriaId: "31E0E580-A76F-4CFA-BFF2-0F7540C63C3C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9970:-:*:*:*:*:*:*:*", matchCriteriaId: "961C13C3-2C3D-46B1-A618-D45920EC5E95", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9980:-:*:*:*:*:*:*:*", matchCriteriaId: "16B4C37E-B6CA-4176-B98D-E1C9E66472EA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9981:-:*:*:*:*:*:*:*", matchCriteriaId: "62282860-5EAF-45EA-B36E-6B6F124C3096", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In asf extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05585817.", }, { lang: "es", value: "En asf extractor, se presenta una posible lectura fuera de límites debido a un desbordamiento de enteros. Esto podría conllevar a una divulgación de información local sin ser necesarios privilegios de ejecución adicionales. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05489178; ID del Problema: ALPS05585817.", }, ], id: "CVE-2021-0623", lastModified: "2024-11-21T05:43:02.290", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-18T15:15:08.280", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-17 17:15
Modified
2024-11-21 05:43
Severity ?
Summary
In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05656484.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05656484.", }, { lang: "es", value: "En apusys, se presenta una posible lectura fuera de límites debido a una comprobación de límites incorrecta. Esto podría conllevar a una divulgación de información local con privilegios de ejecución System requeridos. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05672107; ID de Incidencia: ALPS05656484", }, ], id: "CVE-2021-0902", lastModified: "2024-11-21T05:43:14.457", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-17T17:15:11.587", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-09-02 05:15
Modified
2024-10-27 03:35
Severity ?
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944204; Issue ID: MSV-1560.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@mediatek.com | https://corp.mediatek.com/product-security-bulletin/September-2024 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 2.6 | |
| linuxfoundation | yocto | 3.3 | |
| linuxfoundation | yocto | 4.0 | |
| rdkcentral | rdk-b | 2022q3 | |
| android | 13.0 | ||
| android | 14.0 | ||
| openwrt | openwrt | 19.07.0 | |
| openwrt | openwrt | 21.02 | |
| openwrt | openwrt | 22.03.5 | |
| mediatek | mt6580 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6880 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6890 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6897 | - | |
| mediatek | mt6980 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6989 | - | |
| mediatek | mt6990 | - | |
| mediatek | mt8183 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8390 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8675 | - | |
| mediatek | mt8676 | - | |
| mediatek | mt8678 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:2.6:*:*:*:*:*:*:*", matchCriteriaId: "397C75CA-D217-4617-B8B1-80F74CFB04CE", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*", matchCriteriaId: "2385F2C9-3EA1-424B-AB8D-A672BF1CBE56", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*", matchCriteriaId: "A1488152-CC93-40DF-8D1F-BF33DC8444FF", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:19.07.0:*:*:*:*:*:*:*", matchCriteriaId: "18B405E0-E094-48F4-951B-96132898F72F", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:21.02:*:*:*:*:*:*:*", matchCriteriaId: "7D36D1D8-C428-438F-A773-150B30A8EBFC", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:22.03.5:*:*:*:*:*:*:*", matchCriteriaId: "E4A72088-37C7-4820-B650-440FE4848BDD", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", matchCriteriaId: "68CF4A7A-3136-4C4C-A795-81323896BE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", matchCriteriaId: "171D1C08-F055-44C0-913C-AA2B73AF5B72", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", matchCriteriaId: "2A7D8055-F4B6-41EE-A078-11D56285AB66", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", matchCriteriaId: "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7DE6B2-66D9-4A3E-B15F-D56505559255", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", matchCriteriaId: "1A76806D-A4E3-466A-90CB-E9FFE478E7A0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", matchCriteriaId: "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", matchCriteriaId: "B774B7D7-B7DD-43A0-833F-7E39DF82CA60", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", matchCriteriaId: "03E6123A-7603-4EAB-AFFB-229E8A040709", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*", matchCriteriaId: "EE302F6F-170E-4350-A8F4-65BE0C50CB78", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", matchCriteriaId: "152A5F3D-8004-4649-BDB1-E6F0798AF1CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944204; Issue ID: MSV-1560.", }, { lang: "es", value: "En estado de encendido, es posible que se produzca una lectura fuera de los límites debido a la falta de una comprobación de los límites. Esto podría provocar la divulgación de información local con privilegios de ejecución de System necesarios. No se necesita interacción del usuario para la explotación. ID de parche: ALPS08944204; ID de problema: MSV-1560.", }, ], id: "CVE-2024-20085", lastModified: "2024-10-27T03:35:00.897", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-09-02T05:15:14.933", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "security@mediatek.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-02 03:15
Modified
2024-11-21 08:04
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993539; Issue ID: ALPS07993544.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt6879 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6989 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8390 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8675 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7DE6B2-66D9-4A3E-B15F-D56505559255", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", matchCriteriaId: "B774B7D7-B7DD-43A0-833F-7E39DF82CA60", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", matchCriteriaId: "03E6123A-7603-4EAB-AFFB-229E8A040709", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993539; Issue ID: ALPS07993544.", }, { lang: "es", value: "En camera middleware, existe una posible escritura fuera de límites debido a una validación de entrada faltante. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS07993539; ID del problema: ALPS07993544.", }, ], id: "CVE-2023-32826", lastModified: "2024-11-21T08:04:07.340", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-10-02T03:15:10.050", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/October-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/October-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-20", }, { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-18 15:15
Modified
2024-11-21 05:43
Severity ?
Summary
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672107.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672107.", }, { lang: "es", value: "En apusys, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. Esto podría conllevar a una escalada de privilegios local con privilegios de ejecución System requeridos. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05672107; ID del Problema: ALPS05672107.", }, ], id: "CVE-2021-0658", lastModified: "2024-11-21T05:43:05.760", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-18T15:15:08.637", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-06 03:15
Modified
2025-04-30 16:42
Severity ?
Summary
In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID: MSV-1249.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| android | 14.0 | ||
| mediatek | mt6768 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8183 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8188t | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8195z | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8666a | - | |
| mediatek | mt8666b | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8675 | - | |
| mediatek | mt8676 | - | |
| mediatek | mt8678 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8766z | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8768a | - | |
| mediatek | mt8768b | - | |
| mediatek | mt8768t | - | |
| mediatek | mt8768z | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8788t | - | |
| mediatek | mt8788x | - | |
| mediatek | mt8788z | - | |
| mediatek | mt8792 | - | |
| mediatek | mt8795t | - | |
| mediatek | mt8796 | - | |
| mediatek | mt8798 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", matchCriteriaId: "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*", matchCriteriaId: "A4675A09-0147-4690-8AA1-E3802CA1B3EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195z:-:*:*:*:*:*:*:*", matchCriteriaId: "9B3A37B9-F500-4B3C-B77C-B2BD7B015154", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666a:-:*:*:*:*:*:*:*", matchCriteriaId: "CF649E18-4DA8-4724-A9B2-575BC01BFACC", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666b:-:*:*:*:*:*:*:*", matchCriteriaId: "69D98D9F-4594-4411-B788-BBD53EE5B227", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", matchCriteriaId: "03E6123A-7603-4EAB-AFFB-229E8A040709", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*", matchCriteriaId: "EE302F6F-170E-4350-A8F4-65BE0C50CB78", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", matchCriteriaId: "152A5F3D-8004-4649-BDB1-E6F0798AF1CB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766z:-:*:*:*:*:*:*:*", matchCriteriaId: "8F25CBBB-B600-4A54-8653-4C60CD125353", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768a:-:*:*:*:*:*:*:*", matchCriteriaId: "D039235C-D84C-4E9B-9D01-16A24E95FE79", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768b:-:*:*:*:*:*:*:*", matchCriteriaId: "4D99E26E-A551-428C-90FF-0F6CDE28C1A1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768t:-:*:*:*:*:*:*:*", matchCriteriaId: "21CA41B1-2BAF-43DE-AD79-396FA5125695", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768z:-:*:*:*:*:*:*:*", matchCriteriaId: "02B6E7E0-8BD2-4BA1-948F-3F5A95B989F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788t:-:*:*:*:*:*:*:*", matchCriteriaId: "0165F48B-B11A-4A8B-859B-083D239270FF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788x:-:*:*:*:*:*:*:*", matchCriteriaId: "F4DE760A-BF65-4917-B571-1382C6703271", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788z:-:*:*:*:*:*:*:*", matchCriteriaId: "5CE75D73-582B-48BF-B38A-3F9626338C7D", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8792:-:*:*:*:*:*:*:*", matchCriteriaId: "336FC69E-E89F-4642-B6B9-8009D9A2BD52", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*", matchCriteriaId: "78D4E9E1-B044-41EC-BE98-22DC0E5E9010", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*", matchCriteriaId: "DE933AD9-3A6F-421B-8AB3-C45F8DEA9548", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID: MSV-1249.", }, { lang: "es", value: "En atf spm, existe una forma posible de reasignar la memoria física a la memoria virtual debido a un error lógico. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS08584568; ID del problema: MSV-1249.", }, ], id: "CVE-2024-20021", lastModified: "2025-04-30T16:42:17.380", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-06T03:15:09.477", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "security@mediatek.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-04 02:15
Modified
2024-11-21 07:41
Severity ?
Summary
In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292228; Issue ID: ALPS07292228.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292228; Issue ID: ALPS07292228.", }, ], id: "CVE-2023-20774", lastModified: "2024-11-21T07:41:30.513", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-04T02:15:10.550", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/July-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/July-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-04 04:15
Modified
2024-11-21 08:04
Severity ?
Summary
In display drm, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292187; Issue ID: ALPS07292187.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8781 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In display drm, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292187; Issue ID: ALPS07292187.", }, { lang: "es", value: "En display drm, hay una posible escritura fuera de los límites debido a una verificación de los límites incorrecta. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS07292187; ID del problema: ALPS07292187.", }, ], id: "CVE-2023-32864", lastModified: "2024-11-21T08:04:13.507", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-04T04:15:08.487", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-04 02:15
Modified
2024-11-21 07:41
Severity ?
Summary
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07978760; Issue ID: ALPS07363410.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| openwrt | openwrt | 21.02 | |
| mediatek | mt6739 | - | |
| mediatek | mt6757 | - | |
| mediatek | mt6757c | - | |
| mediatek | mt6757cd | - | |
| mediatek | mt6757ch | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6763 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6771 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6890 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6990 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8183 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8781 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:21.02:*:*:*:*:*:*:*", matchCriteriaId: "7D36D1D8-C428-438F-A773-150B30A8EBFC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*", matchCriteriaId: "B4C27948-65A7-4B1E-9F10-6744D176A5C3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757c:-:*:*:*:*:*:*:*", matchCriteriaId: "D808EF4D-0A54-4324-8341-240F7AFABC40", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757cd:-:*:*:*:*:*:*:*", matchCriteriaId: "64EDB89E-8140-4202-97B3-9D7337E90FDE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757ch:-:*:*:*:*:*:*:*", matchCriteriaId: "D2C5CC4F-DA66-4980-A4BB-693987431A38", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", matchCriteriaId: "2F19C76A-50DF-4ACA-BACA-07157B4D838B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", matchCriteriaId: "171D1C08-F055-44C0-913C-AA2B73AF5B72", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", matchCriteriaId: "1A76806D-A4E3-466A-90CB-E9FFE478E7A0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", matchCriteriaId: "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07978760; Issue ID: ALPS07363410.", }, ], id: "CVE-2023-20775", lastModified: "2024-11-21T07:41:30.643", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-04T02:15:10.590", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/July-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/July-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-04-06 18:15
Modified
2025-03-17 19:15
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07537393; Issue ID: ALPS07180396.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*", matchCriteriaId: "78D4E9E1-B044-41EC-BE98-22DC0E5E9010", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07537393; Issue ID: ALPS07180396.", }, ], id: "CVE-2023-20658", lastModified: "2025-03-17T19:15:16.387", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-04-06T18:15:08.693", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-17 17:15
Modified
2024-11-21 05:43
Severity ?
Summary
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05656488.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05656488.", }, { lang: "es", value: "En apusys, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. Esto podría conllevar a una escalada de privilegios local con privilegios de ejecución System requeridos. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05672107; ID de Incidencia: ALPS05656488", }, ], id: "CVE-2021-0903", lastModified: "2024-11-21T05:43:14.557", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-17T17:15:11.707", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-17 17:15
Modified
2024-11-21 05:43
Severity ?
Summary
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05722511.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05722511.", }, { lang: "es", value: "En apusys, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. Esto podría conllevar a una escalada de privilegios local con privilegios de ejecución System requeridos. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05672107; ID de Incidencia: ALPS05722511", }, ], id: "CVE-2021-0678", lastModified: "2024-11-21T05:43:08.023", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-17T17:15:11.030", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
Summary
In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07197795; Issue ID: ALPS07340357.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", matchCriteriaId: "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*", matchCriteriaId: "DE093B34-F4CD-4052-8122-730D6537A91A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", matchCriteriaId: "2A7D8055-F4B6-41EE-A078-11D56285AB66", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07197795; Issue ID: ALPS07340357.", }, { lang: "es", value: "En imgsys, existe una posible lectura fuera de los límites debido a una falta de comprobación de rango válido. Esto podría conducir a la divulgación de información local con privilegios de ejecución del sistema necesarios. Se necesita la interacción del usuario para la explotación. ID del parche: ALPS07197795; ID de la incidencia: ALPS07340357.", }, ], id: "CVE-2023-20845", lastModified: "2024-11-21T07:41:40.847", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.6, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-04T03:15:11.523", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-06 13:15
Modified
2025-01-07 19:15
Severity ?
4.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
4.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
4.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
In swpm, there is a possible out of bounds write due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780926; Issue ID: ALPS07780928.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 13.0 | ||
| mediatek | mt6835 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8797 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In swpm, there is a possible out of bounds write due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780926; Issue ID: ALPS07780928.", }, ], id: "CVE-2023-20750", lastModified: "2025-01-07T19:15:29.593", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.5, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.5, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-06-06T13:15:15.233", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-362", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-17 17:15
Modified
2024-11-21 05:43
Severity ?
Summary
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672038.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672038.", }, { lang: "es", value: "En apusys, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. Esto podría conllevar a una escalada de privilegios local con privilegios de ejecución System requeridos. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05672107; ID de Incidencia: ALPS05672038", }, ], id: "CVE-2021-0894", lastModified: "2024-11-21T05:43:13.650", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-17T17:15:11.180", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Summary
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340433.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", matchCriteriaId: "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*", matchCriteriaId: "DE093B34-F4CD-4052-8122-730D6537A91A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", matchCriteriaId: "2A7D8055-F4B6-41EE-A078-11D56285AB66", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340433.", }, { lang: "es", value: "En imgsys_cmdq, existe una posible lectura fuera de los límites debido a la falta de comprobación de rango válido. Esto podría llevar a una escalada local de privilegios con necesidad de privilegios de ejecución del sistema. Se necesita la interacción del usuario para la explotación. ID del parche: ALPS07340433; ID de la incidencia: ALPS07340433.", }, ], id: "CVE-2023-20848", lastModified: "2024-11-21T07:41:41.167", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.6, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.6, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-09-04T03:15:11.830", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-11-04 02:15
Modified
2025-03-13 15:15
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09037038; Issue ID: MSV-1714.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@mediatek.com | https://corp.mediatek.com/product-security-bulletin/November-2024 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", matchCriteriaId: "8538774C-906D-4B03-A3E7-FA7A55E0DA9E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09037038; Issue ID: MSV-1714.", }, { lang: "es", value: " En ccu, existe una posible escritura fuera de los límites debido a una verificación de los límites faltante. Esto podría provocar una escalada local de privilegios, siendo necesarios los permisos de ejecución de System. No se necesita interacción del usuario para la explotación. ID de parche: ALPS09037038; ID de problema: MSV-1714.", }, ], id: "CVE-2024-20114", lastModified: "2025-03-13T15:15:40.723", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-11-04T02:15:16.830", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "security@mediatek.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 08:04
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In connectivity system driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929848; Issue ID: ALPS07929848.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 4.0 | |
| mediatek | iot_yocto | 23.0 | |
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt2713 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", matchCriteriaId: "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In connectivity system driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929848; Issue ID: ALPS07929848.", }, { lang: "es", value: "En connectivity system driver, existe una posible escritura fuera de límites debido a una validación de entrada incorrecta. Esto podría conducir a una escalada local de privilegios con privilegios de ejecución del sistema necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS07929848; ID del problema: ALPS07929848.", }, ], id: "CVE-2023-32811", lastModified: "2024-11-21T08:04:04.623", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-09-04T03:15:13.387", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-20", }, { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Summary
In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354259; Issue ID: ALPS07340477.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", matchCriteriaId: "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*", matchCriteriaId: "DE093B34-F4CD-4052-8122-730D6537A91A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", matchCriteriaId: "2A7D8055-F4B6-41EE-A078-11D56285AB66", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354259; Issue ID: ALPS07340477.", }, { lang: "es", value: "En imgsys_cmdq, existe una posible escritura fuera de límites debido a que falta una verificación de rango válido. Esto podría conducir a una escalada local de privilegios con privilegios de ejecución del sistema necesarios. Se necesita la interacción del usuario para la explotación. ID de parche: ALPS07354259; ID del problema: ALPS07340477.", }, ], id: "CVE-2023-20842", lastModified: "2024-11-21T07:41:40.410", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.6, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.6, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-09-04T03:15:11.163", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-07 04:15
Modified
2024-11-21 07:41
Severity ?
Summary
In jpeg, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07693193; Issue ID: ALPS07693193.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195z:-:*:*:*:*:*:*:*", matchCriteriaId: "9B3A37B9-F500-4B3C-B77C-B2BD7B015154", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In jpeg, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07693193; Issue ID: ALPS07693193.", }, ], id: "CVE-2023-20789", lastModified: "2024-11-21T07:41:31.933", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-07T04:15:13.193", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-02-03 04:15
Modified
2025-02-04 15:19
Severity ?
3.9 (Low) - CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
5.7 (Medium) - CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
5.7 (Medium) - CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
Summary
In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2056.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@mediatek.com | https://corp.mediatek.com/product-security-bulletin/February-2025 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| android | 14.0 | ||
| android | 15.0 | ||
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6771 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8675 | - | |
| mediatek | mt8678 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8771 | - | |
| mediatek | mt8775 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8795t | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - | |
| mediatek | mt8893 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", matchCriteriaId: "8538774C-906D-4B03-A3E7-FA7A55E0DA9E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", matchCriteriaId: "03E6123A-7603-4EAB-AFFB-229E8A040709", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", matchCriteriaId: "152A5F3D-8004-4649-BDB1-E6F0798AF1CB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8771:-:*:*:*:*:*:*:*", matchCriteriaId: "0D09F23D-D023-4A60-B426-61251FDD8A5A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*", matchCriteriaId: "DE5FB550-7264-4879-BAF9-6798949113AF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*", matchCriteriaId: "78D4E9E1-B044-41EC-BE98-22DC0E5E9010", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8893:-:*:*:*:*:*:*:*", matchCriteriaId: "CCFAADB1-C2B2-47A6-BB66-761B964E7DFB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2056.", }, { lang: "es", value: "En DA, existe una posible lectura fuera de los límites debido a un neutra. Esto podría provocar la divulgación de información local, si un atacante tiene acceso físico al dispositivo, si un actor malicioso ya ha obtenido el privilegio System. Se necesita la interacción del usuario para la explotación. ID de parche: ALPS09291146; ID de problema: MSV-2056.", }, ], id: "CVE-2025-20643", lastModified: "2025-02-04T15:19:23.330", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "LOW", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L", version: "3.1", }, exploitabilityScore: 0.2, impactScore: 5.5, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-02-03T04:15:09.460", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/February-2025", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-1295", }, ], source: "security@mediatek.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-11-04 02:15
Modified
2025-04-22 13:53
Severity ?
Summary
In atci, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09082988; Issue ID: MSV-1774.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@mediatek.com | https://corp.mediatek.com/product-security-bulletin/November-2024 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", matchCriteriaId: "8538774C-906D-4B03-A3E7-FA7A55E0DA9E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*", matchCriteriaId: "855A8046-34ED-4891-ACE5-76AB10AC8D53", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6896:-:*:*:*:*:*:*:*", matchCriteriaId: "33DEF766-EAF1-4E36-BB7C-43069B26507A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", matchCriteriaId: "2A7D8055-F4B6-41EE-A078-11D56285AB66", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7DE6B2-66D9-4A3E-B15F-D56505559255", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2B6BB9-7544-41A7-BF3A-344AA4CC4B31", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", matchCriteriaId: "B774B7D7-B7DD-43A0-833F-7E39DF82CA60", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", matchCriteriaId: "03E6123A-7603-4EAB-AFFB-229E8A040709", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*", matchCriteriaId: "EE302F6F-170E-4350-A8F4-65BE0C50CB78", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", matchCriteriaId: "152A5F3D-8004-4649-BDB1-E6F0798AF1CB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8755:-:*:*:*:*:*:*:*", matchCriteriaId: "1CF88096-5CBD-4A4B-8F47-33D38985956F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8771:-:*:*:*:*:*:*:*", matchCriteriaId: "0D09F23D-D023-4A60-B426-61251FDD8A5A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*", matchCriteriaId: "DE5FB550-7264-4879-BAF9-6798949113AF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8792:-:*:*:*:*:*:*:*", matchCriteriaId: "336FC69E-E89F-4642-B6B9-8009D9A2BD52", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*", matchCriteriaId: "78D4E9E1-B044-41EC-BE98-22DC0E5E9010", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*", matchCriteriaId: "DE933AD9-3A6F-421B-8AB3-C45F8DEA9548", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In atci, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09082988; Issue ID: MSV-1774.", }, { lang: "es", value: " En atci, existe una posible escritura fuera de los límites debido a una verificación de los límites faltante. Esto podría provocar una escalada local de privilegios, siendo necesarios los permisos de ejecución de System. No se necesita interacción del usuario para la explotación. ID de parche: ALPS09082988; ID de problema: MSV-1774.", }, ], id: "CVE-2024-20108", lastModified: "2025-04-22T13:53:18.823", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-11-04T02:15:16.273", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "security@mediatek.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-07 04:15
Modified
2024-11-21 07:41
Severity ?
Summary
In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420976.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420976.", }, ], id: "CVE-2023-20802", lastModified: "2024-11-21T07:41:33.200", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.6, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-07T04:15:13.797", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-01 03:15
Modified
2025-04-23 13:47
Severity ?
Summary
In flashc, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541758.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 3.3 | |
| rdkcentral | rdk-b | 2022q3 | |
| android | 12.0 | ||
| android | 13.0 | ||
| android | 14.0 | ||
| openwrt | openwrt | 19.07.0 | |
| openwrt | openwrt | 21.02.0 | |
| mediatek | mt2713 | - | |
| mediatek | mt2737 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6880 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6890 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6980 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6989 | - | |
| mediatek | mt6990 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8390 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8796 | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*", matchCriteriaId: "2385F2C9-3EA1-424B-AB8D-A672BF1CBE56", vulnerable: true, }, { criteria: "cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*", matchCriteriaId: "A1488152-CC93-40DF-8D1F-BF33DC8444FF", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", matchCriteriaId: "4FA469E2-9E63-4C9A-8EBA-10C8C870063A", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", matchCriteriaId: "F0133207-2EED-4625-854F-8DB7770D5BF7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt2737:-:*:*:*:*:*:*:*", matchCriteriaId: "9C2A1118-B5F7-4EF5-B329-0887B5F3430E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", matchCriteriaId: "68CF4A7A-3136-4C4C-A795-81323896BE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", matchCriteriaId: "171D1C08-F055-44C0-913C-AA2B73AF5B72", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", matchCriteriaId: "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7DE6B2-66D9-4A3E-B15F-D56505559255", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", matchCriteriaId: "1A76806D-A4E3-466A-90CB-E9FFE478E7A0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", matchCriteriaId: "B774B7D7-B7DD-43A0-833F-7E39DF82CA60", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*", matchCriteriaId: "DE933AD9-3A6F-421B-8AB3-C45F8DEA9548", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In flashc, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541758.", }, { lang: "es", value: "En flashc, existe una posible falla del sistema debido a una excepción no detectada. Esto podría provocar una denegación de servicio local con los privilegios de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS08541757; ID del problema: ALPS08541758.", }, ], id: "CVE-2024-20051", lastModified: "2025-04-23T13:47:26.270", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 2.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 1.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-04-01T03:15:08.437", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-12-02 04:15
Modified
2025-04-22 13:56
Severity ?
Summary
In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09193374; Issue ID: MSV-1982.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@mediatek.com | https://corp.mediatek.com/product-security-bulletin/December-2024 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 14.0 | ||
| android | 15.0 | ||
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6878 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6896 | - | |
| mediatek | mt6897 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6989 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8676 | - | |
| mediatek | mt8678 | - | |
| mediatek | mt8696 | - | |
| mediatek | mt8796 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", matchCriteriaId: "8538774C-906D-4B03-A3E7-FA7A55E0DA9E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*", matchCriteriaId: "855A8046-34ED-4891-ACE5-76AB10AC8D53", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6896:-:*:*:*:*:*:*:*", matchCriteriaId: "33DEF766-EAF1-4E36-BB7C-43069B26507A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", matchCriteriaId: "2A7D8055-F4B6-41EE-A078-11D56285AB66", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7DE6B2-66D9-4A3E-B15F-D56505559255", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*", matchCriteriaId: "EE302F6F-170E-4350-A8F4-65BE0C50CB78", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", matchCriteriaId: "152A5F3D-8004-4649-BDB1-E6F0798AF1CB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8696:-:*:*:*:*:*:*:*", matchCriteriaId: "26573298-76BC-49FE-8D99-CF03ED01B185", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*", matchCriteriaId: "DE933AD9-3A6F-421B-8AB3-C45F8DEA9548", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09193374; Issue ID: MSV-1982.", }, { lang: "es", value: "En el estado de encendido, es posible que se produzca una escritura fuera de los límites debido a la falta de una comprobación de los límites. Esto podría provocar una escalada local de privilegios, siendo necesarios los permisos de ejecución de System. No se necesita la interacción del usuario para la explotación. ID de parche: ALPS09193374; ID de problema: MSV-1982.", }, ], id: "CVE-2024-20130", lastModified: "2025-04-22T13:56:31.350", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-12-02T04:15:05.190", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "security@mediatek.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-02-03 04:15
Modified
2025-02-04 15:22
Severity ?
6.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Summary
In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2058.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@mediatek.com | https://corp.mediatek.com/product-security-bulletin/February-2025 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| android | 14.0 | ||
| android | 15.0 | ||
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6771 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8675 | - | |
| mediatek | mt8678 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8771 | - | |
| mediatek | mt8775 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8795t | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - | |
| mediatek | mt8893 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", matchCriteriaId: "8538774C-906D-4B03-A3E7-FA7A55E0DA9E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", matchCriteriaId: "03E6123A-7603-4EAB-AFFB-229E8A040709", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", matchCriteriaId: "152A5F3D-8004-4649-BDB1-E6F0798AF1CB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8771:-:*:*:*:*:*:*:*", matchCriteriaId: "0D09F23D-D023-4A60-B426-61251FDD8A5A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*", matchCriteriaId: "DE5FB550-7264-4879-BAF9-6798949113AF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*", matchCriteriaId: "78D4E9E1-B044-41EC-BE98-22DC0E5E9010", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8893:-:*:*:*:*:*:*:*", matchCriteriaId: "CCFAADB1-C2B2-47A6-BB66-761B964E7DFB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2058.", }, { lang: "es", value: "En DA, existe una posible escritura fuera de los límites debido a un neutra. Esto podría provocar una escalada local de privilegios, si un atacante tiene acceso físico al dispositivo, sin necesidad de privilegios de ejecución adicionales. Se necesita la interacción del usuario para la explotación. ID de parche: ALPS09291146; ID de problema: MSV-2058.", }, ], id: "CVE-2025-20641", lastModified: "2025-02-04T15:22:10.670", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.7, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.5, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2025-02-03T04:15:09.210", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/February-2025", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "security@mediatek.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-15 22:15
Modified
2025-01-24 15:15
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In isp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07162155; Issue ID: ALPS07162155.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:yoctoproject:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "00D1586A-C49F-4655-8AC4-F4096B679869", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In isp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07162155; Issue ID: ALPS07162155.", }, ], id: "CVE-2023-20721", lastModified: "2025-01-24T15:15:09.697", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.5, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-05-15T22:15:11.350", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937113; Issue ID: ALPS07937113.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:2.6:*:*:*:*:*:*:*", matchCriteriaId: "397C75CA-D217-4617-B8B1-80F74CFB04CE", vulnerable: true, }, { criteria: "cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*", matchCriteriaId: "A1488152-CC93-40DF-8D1F-BF33DC8444FF", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", matchCriteriaId: "4FA469E2-9E63-4C9A-8EBA-10C8C870063A", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", matchCriteriaId: "F0133207-2EED-4625-854F-8DB7770D5BF7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", matchCriteriaId: "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", matchCriteriaId: "68CF4A7A-3136-4C4C-A795-81323896BE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", matchCriteriaId: "171D1C08-F055-44C0-913C-AA2B73AF5B72", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", matchCriteriaId: "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", matchCriteriaId: "1A76806D-A4E3-466A-90CB-E9FFE478E7A0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", matchCriteriaId: "03E6123A-7603-4EAB-AFFB-229E8A040709", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937113; Issue ID: ALPS07937113.", }, { lang: "es", value: "En nvram, existe una posible escritura fuera de límites debido a una inexistente comprobación de límites. Esto podría llevar a una escalada local de privilegios con necesidad de privilegios de ejecución del sistema. No es necesaria la interacción del usuario para la explotación. ID del parche: ALPS07937113; ID de la incidencia: ALPS07937113.", }, ], id: "CVE-2023-20821", lastModified: "2024-11-21T07:41:36.663", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-09-04T03:15:08.480", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-18 15:15
Modified
2024-11-21 05:43
Severity ?
Summary
In edma driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05709376; Issue ID: ALPS05709376.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In edma driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05709376; Issue ID: ALPS05709376.", }, { lang: "es", value: "En edma driver, se presenta una posible corrupción de memoria debido a un uso de memoria previamente liberadaa. Esto podría conllevar a una escalada de privilegios local con privilegios de ejecución System requeridos. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05709376; ID del Problema: ALPS05709376.", }, ], id: "CVE-2021-0656", lastModified: "2024-11-21T05:43:05.540", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-18T15:15:08.510", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-17 17:15
Modified
2024-11-21 05:43
Severity ?
Summary
In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672071.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672071.", }, { lang: "es", value: "En apusys, se presenta una posible corrupción de memoria debido a un uso de memoria previamente liberada. Esto podría conllevar a una escalada de privilegios local con privilegios de ejecución System requeridos. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05672107; ID de Incidencia: ALPS05672071", }, ], id: "CVE-2021-0898", lastModified: "2024-11-21T05:43:14.050", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-17T17:15:11.387", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-04 04:15
Modified
2024-11-21 08:04
Severity ?
Summary
In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560793; Issue ID: ALPS07560793.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8781 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560793; Issue ID: ALPS07560793.", }, { lang: "es", value: "En display drm, hay una posible escritura fuera de los límites debido a una verificación de los límites faltantes. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS07560793; ID del problema: ALPS07560793.", }, ], id: "CVE-2023-32867", lastModified: "2024-11-21T08:04:13.913", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-04T04:15:08.623", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-01 03:15
Modified
2025-04-23 13:47
Severity ?
Summary
In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541761.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 3.3 | |
| rdkcentral | rdk-b | 2022q3 | |
| android | 12.0 | ||
| android | 13.0 | ||
| android | 14.0 | ||
| openwrt | openwrt | 19.07.0 | |
| openwrt | openwrt | 21.02.0 | |
| mediatek | mt2713 | - | |
| mediatek | mt2737 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6880 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6890 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6980 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6989 | - | |
| mediatek | mt6990 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8390 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8796 | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*", matchCriteriaId: "2385F2C9-3EA1-424B-AB8D-A672BF1CBE56", vulnerable: true, }, { criteria: "cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*", matchCriteriaId: "A1488152-CC93-40DF-8D1F-BF33DC8444FF", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", matchCriteriaId: "4FA469E2-9E63-4C9A-8EBA-10C8C870063A", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", matchCriteriaId: "F0133207-2EED-4625-854F-8DB7770D5BF7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt2737:-:*:*:*:*:*:*:*", matchCriteriaId: "9C2A1118-B5F7-4EF5-B329-0887B5F3430E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", matchCriteriaId: "68CF4A7A-3136-4C4C-A795-81323896BE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", matchCriteriaId: "171D1C08-F055-44C0-913C-AA2B73AF5B72", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", matchCriteriaId: "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7DE6B2-66D9-4A3E-B15F-D56505559255", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", matchCriteriaId: "1A76806D-A4E3-466A-90CB-E9FFE478E7A0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", matchCriteriaId: "B774B7D7-B7DD-43A0-833F-7E39DF82CA60", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*", matchCriteriaId: "DE933AD9-3A6F-421B-8AB3-C45F8DEA9548", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541761.", }, { lang: "es", value: "En flashc, existe una posible divulgación de información debido a una excepción no detectada. Esto podría conducir a la divulgación de información local con privilegios de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS08541757; ID del problema: ALPS08541761.", }, ], id: "CVE-2024-20052", lastModified: "2025-04-23T13:47:16.587", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-04-01T03:15:08.490", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-01-04 16:15
Modified
2024-11-21 06:41
Severity ?
Summary
In mdp driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05836478; Issue ID: ALPS05836478.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 10.0 | ||
| android | 11.0 | ||
| android | 12.0 | ||
| mediatek | mt6580 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6750 | - | |
| mediatek | mt6750s | - | |
| mediatek | mt6753 | - | |
| mediatek | mt6755 | - | |
| mediatek | mt6757 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6762 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6769 | - | |
| mediatek | mt6771 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6875 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8127 | - | |
| mediatek | mt8163 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8169 | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8183 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8788 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6750:-:*:*:*:*:*:*:*", matchCriteriaId: "F51C9D91-A64F-446E-BC14-7C79B770C3A0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6750s:-:*:*:*:*:*:*:*", matchCriteriaId: "12A1CB8F-3C1C-4374-8D46-23175D1174DE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*", matchCriteriaId: "7362AED0-47F2-4D48-A292-89F717F0697E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6755:-:*:*:*:*:*:*:*", matchCriteriaId: "47BE9434-12D6-4801-8B04-7F18AF58E717", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*", matchCriteriaId: "B4C27948-65A7-4B1E-9F10-6744D176A5C3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", matchCriteriaId: "C445EB80-6021-4E26-B74E-1B4B6910CE48", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", matchCriteriaId: "D23991D5-1893-49F4-8A06-D5E66C96C3B3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8127:-:*:*:*:*:*:*:*", matchCriteriaId: "BD7BDC63-3963-4C4D-B547-2936006926E9", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8163:-:*:*:*:*:*:*:*", matchCriteriaId: "1D2ED140-C41B-418B-9DC7-8C486304E769", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8169:-:*:*:*:*:*:*:*", matchCriteriaId: "E5375050-4568-4919-BFE3-A72E1C7E65A2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", matchCriteriaId: "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In mdp driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05836478; Issue ID: ALPS05836478.", }, { lang: "es", value: "En el controlador mdp, se presenta una posible corrupción de memoria debido a un desbordamiento de enteros. Esto podría conllevar a una escalada local de privilegios sin ser necesarios privilegios de ejecución adicionales. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05836478; ID de Incidencia: ALPS05836478", }, ], id: "CVE-2022-20012", lastModified: "2024-11-21T06:41:56.670", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-01-04T16:15:10.167", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/January-2022", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/January-2022", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-02 03:15
Modified
2024-11-21 08:04
Severity ?
Summary
In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08282249; Issue ID: ALPS08282249.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", matchCriteriaId: "C445EB80-6021-4E26-B74E-1B4B6910CE48", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", matchCriteriaId: "D23991D5-1893-49F4-8A06-D5E66C96C3B3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", matchCriteriaId: "B774B7D7-B7DD-43A0-833F-7E39DF82CA60", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08282249; Issue ID: ALPS08282249.", }, { lang: "es", value: "En Engineer Mode, existe una posible escritura fuera de los límites debido a una verificación de los límites faltantes. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS08282249; ID del problema: ALPS08282249.", }, ], id: "CVE-2023-32883", lastModified: "2024-11-21T08:04:15.983", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-02T03:15:08.260", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/January-2024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/January-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-15 22:15
Modified
2025-01-24 17:15
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In vcu, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519103.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mediatek | iot_yocto | 22.2 | |
| android | 11.0 | ||
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt5696 | - | |
| mediatek | mt5836 | - | |
| mediatek | mt5838 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6769 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6875 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8797 | - | |
| mediatek | mt9000 | - | |
| mediatek | mt9023 | - | |
| mediatek | mt9025 | - | |
| mediatek | mt9618 | - | |
| mediatek | mt9653 | - | |
| mediatek | mt9687 | - | |
| mediatek | mt9689 | - | |
| mediatek | mt9902 | - | |
| mediatek | mt9932 | - | |
| mediatek | mt9952 | - | |
| mediatek | mt9972 | - | |
| mediatek | mt9982 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mediatek:iot_yocto:22.2:*:*:*:*:*:*:*", matchCriteriaId: "22FE75BC-C0ED-445D-9ECD-BEA9D8881CBE", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt5696:-:*:*:*:*:*:*:*", matchCriteriaId: "8A07610A-173B-4DF2-8DAD-D2FF07EB9A17", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt5836:-:*:*:*:*:*:*:*", matchCriteriaId: "222E4ECD-459A-4422-947F-FF26E026BC56", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt5838:-:*:*:*:*:*:*:*", matchCriteriaId: "E72667B1-71C3-4DB5-A5E4-BC8212B1B00B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", matchCriteriaId: "D23991D5-1893-49F4-8A06-D5E66C96C3B3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9000:-:*:*:*:*:*:*:*", matchCriteriaId: "F0200228-E2A8-4DBE-A4DA-7AC7D4B9DE99", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9023:-:*:*:*:*:*:*:*", matchCriteriaId: "591A2A8B-DB5D-42BC-99A6-0D0DAB45C645", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9025:-:*:*:*:*:*:*:*", matchCriteriaId: "A6133E43-E032-4334-88C7-116B27B3090D", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9618:-:*:*:*:*:*:*:*", matchCriteriaId: "311AFBA9-A0AD-4638-ACFF-0D4AC12FA127", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9653:-:*:*:*:*:*:*:*", matchCriteriaId: "63BC3AE7-4180-4B8C-AB69-8AC4F502700D", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9687:-:*:*:*:*:*:*:*", matchCriteriaId: "0BC2011E-7629-477E-A898-9748119F7A23", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9689:-:*:*:*:*:*:*:*", matchCriteriaId: "B84CEB95-BF9E-42E3-90F4-70B1C7EE41A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9902:-:*:*:*:*:*:*:*", matchCriteriaId: "A42C58EE-7A5A-42BE-9C64-1A0F3657AA05", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9932:-:*:*:*:*:*:*:*", matchCriteriaId: "DDB40D8E-E934-47B1-A3A9-102F39C2FF21", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9952:-:*:*:*:*:*:*:*", matchCriteriaId: "0407203F-F9DE-4899-B0E6-226A7E9952CA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9972:-:*:*:*:*:*:*:*", matchCriteriaId: "0C76B993-B660-41EB-A66A-96011A044BF6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9982:-:*:*:*:*:*:*:*", matchCriteriaId: "5F8F0452-97F5-4BC6-AC85-42A24721F7CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In vcu, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519103.", }, ], id: "CVE-2023-20673", lastModified: "2025-01-24T17:15:09.203", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-05-15T22:15:10.427", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-843", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-843", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-11-04 02:15
Modified
2025-04-22 13:52
Severity ?
Summary
In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09036814; Issue ID: MSV-1715.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@mediatek.com | https://corp.mediatek.com/product-security-bulletin/November-2024 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", matchCriteriaId: "8538774C-906D-4B03-A3E7-FA7A55E0DA9E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09036814; Issue ID: MSV-1715.", }, { lang: "es", value: "En ccu, existe una posible escritura fuera de los límites debido a una verificación de los límites faltante. Esto podría provocar una escalada local de privilegios, siendo necesarios los permisos de ejecución de System. No se necesita interacción del usuario para la explotación. ID de parche: ALPS09036814; ID de problema: MSV-1715.", }, ], id: "CVE-2024-20113", lastModified: "2025-04-22T13:52:36.983", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-11-04T02:15:16.743", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "security@mediatek.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-15 22:15
Modified
2025-01-24 17:15
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645181; Issue ID: ALPS07645181.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 11.0 | ||
| android | 12.0 | ||
| android | 13.0 | ||
| yoctoproject | yocto | 4.0 | |
| mediatek | mt6768 | - | |
| mediatek | mt6769 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6875 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8797 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:yoctoproject:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "00D1586A-C49F-4655-8AC4-F4096B679869", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", matchCriteriaId: "D23991D5-1893-49F4-8A06-D5E66C96C3B3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645181; Issue ID: ALPS07645181.", }, ], id: "CVE-2023-20718", lastModified: "2025-01-24T17:15:09.937", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-05-15T22:15:11.230", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-02-05 06:15
Modified
2024-11-21 08:51
Severity ?
Summary
In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 11.0 | ||
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt6985 | - | |
| mediatek | mt8127 | - | |
| mediatek | mt8135 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8176 | - | |
| mediatek | mt8183 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8188t | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8195z | - | |
| mediatek | mt8312c | - | |
| mediatek | mt8312d | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8127:-:*:*:*:*:*:*:*", matchCriteriaId: "BD7BDC63-3963-4C4D-B547-2936006926E9", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8135:-:*:*:*:*:*:*:*", matchCriteriaId: "182A995C-2453-4DF2-ABCC-A885D8C334C0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8176:-:*:*:*:*:*:*:*", matchCriteriaId: "1E5B22E8-3536-4DBC-8E71-3E14FE45A887", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", matchCriteriaId: "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*", matchCriteriaId: "A4675A09-0147-4690-8AA1-E3802CA1B3EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195z:-:*:*:*:*:*:*:*", matchCriteriaId: "9B3A37B9-F500-4B3C-B77C-B2BD7B015154", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8312c:-:*:*:*:*:*:*:*", matchCriteriaId: "39915BEC-73D4-46B7-B52C-CED910AF3CA9", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8312d:-:*:*:*:*:*:*:*", matchCriteriaId: "3EF828C6-4B05-4E12-9B78-782F1F062F39", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146.", }, { lang: "es", value: "En el decodificador alac, existe una posible divulgación de información debido a una verificación de los límites incorrecta. Esto podría conducir a la ejecución remota de código sin necesidad de privilegios de ejecución adicionales. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS08441146; ID del problema: ALPS08441146.", }, ], id: "CVE-2024-20011", lastModified: "2024-11-21T08:51:47.577", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-02-05T06:15:47.447", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/February-2024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/February-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-18 15:15
Modified
2024-11-21 05:43
Severity ?
Summary
In asf extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561383.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt5522:-:*:*:*:*:*:*:*", matchCriteriaId: "1C38B265-3EE8-417C-9D59-6182939ED27E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt5527:-:*:*:*:*:*:*:*", matchCriteriaId: "69C04171-DB18-40D7-AFC5-04A869942396", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt5597:-:*:*:*:*:*:*:*", matchCriteriaId: "FC084C16-6693-4FEA-9BDD-B633EAA3E432", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt5598:-:*:*:*:*:*:*:*", matchCriteriaId: "455B256C-83C8-406F-B28F-A4205E7C094E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt5599:-:*:*:*:*:*:*:*", matchCriteriaId: "A4FF926A-2D26-4666-ACA4-474A89243566", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*", matchCriteriaId: "C82E144B-0BAD-47E1-A657-3A5880988FE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*", matchCriteriaId: "4E76B29F-007E-4445-B3F3-3FDC054FEB84", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6750s:-:*:*:*:*:*:*:*", matchCriteriaId: "12A1CB8F-3C1C-4374-8D46-23175D1174DE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*", matchCriteriaId: "7362AED0-47F2-4D48-A292-89F717F0697E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6755s:-:*:*:*:*:*:*:*", matchCriteriaId: "7038AEA0-5BBE-44C9-92DE-96BDE3EEE45B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757c:-:*:*:*:*:*:*:*", matchCriteriaId: "D808EF4D-0A54-4324-8341-240F7AFABC40", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757cd:-:*:*:*:*:*:*:*", matchCriteriaId: "64EDB89E-8140-4202-97B3-9D7337E90FDE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757ch:-:*:*:*:*:*:*:*", matchCriteriaId: "D2C5CC4F-DA66-4980-A4BB-693987431A38", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", matchCriteriaId: "2F19C76A-50DF-4ACA-BACA-07157B4D838B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8163:-:*:*:*:*:*:*:*", matchCriteriaId: "1D2ED140-C41B-418B-9DC7-8C486304E769", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", matchCriteriaId: "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8184:-:*:*:*:*:*:*:*", matchCriteriaId: "AEF76BE8-E35C-470B-813D-5290F6B0D281", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9256:-:*:*:*:*:*:*:*", matchCriteriaId: "FAC84405-17EE-4C25-8477-317F2A6A095F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9285:-:*:*:*:*:*:*:*", matchCriteriaId: "7A7E7D3C-436A-4068-99F1-AFEB34989F69", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9286:-:*:*:*:*:*:*:*", matchCriteriaId: "4CEEB709-8C7B-48AF-B359-9CE9C68790D5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9288:-:*:*:*:*:*:*:*", matchCriteriaId: "6081A92B-4361-462A-9F7F-570AC7256CDB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9629:-:*:*:*:*:*:*:*", matchCriteriaId: "47E5EE7B-1208-4007-AF87-6DC309FFE312", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9631:-:*:*:*:*:*:*:*", matchCriteriaId: "CA834B63-F689-48BA-84E6-500351990BFD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9632:-:*:*:*:*:*:*:*", matchCriteriaId: "EF1B3B37-22C4-42F4-8264-07512619D706", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9636:-:*:*:*:*:*:*:*", matchCriteriaId: "11B89606-5FD7-4513-984A-16217D37BF4B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9638:-:*:*:*:*:*:*:*", matchCriteriaId: "76F4FC23-534B-449A-8344-1F13AE9C8C57", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9639:-:*:*:*:*:*:*:*", matchCriteriaId: "392C9A58-EAB1-44B5-B189-98C68CC23199", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9650:-:*:*:*:*:*:*:*", matchCriteriaId: "2D0EF507-52A0-45D1-AC26-97F765E691FC", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9652:-:*:*:*:*:*:*:*", matchCriteriaId: "C826242C-440E-4D85-841E-570E9C69777C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9669:-:*:*:*:*:*:*:*", matchCriteriaId: "8531FD76-C0C1-45FE-8FDC-26402FF8BFA5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9670:-:*:*:*:*:*:*:*", matchCriteriaId: "FC3E19E5-4DD7-4ECB-A7AE-F501A152078E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9675:-:*:*:*:*:*:*:*", matchCriteriaId: "046B7E06-8C40-4D37-8D10-4816E51CA143", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9685:-:*:*:*:*:*:*:*", matchCriteriaId: "CFD9AD54-9F0F-414B-8936-3A981657D6AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9686:-:*:*:*:*:*:*:*", matchCriteriaId: "4B429106-36BE-42F2-8D05-FB9EF00BDFBA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9688:-:*:*:*:*:*:*:*", matchCriteriaId: "F7D78E76-6A3B-4736-B7E7-C9032CDA845B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9931:-:*:*:*:*:*:*:*", matchCriteriaId: "DDB4C96A-A50F-4194-BE9C-BF2DFD3DEB3B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9950:-:*:*:*:*:*:*:*", matchCriteriaId: "31E0E580-A76F-4CFA-BFF2-0F7540C63C3C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9970:-:*:*:*:*:*:*:*", matchCriteriaId: "961C13C3-2C3D-46B1-A618-D45920EC5E95", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9980:-:*:*:*:*:*:*:*", matchCriteriaId: "16B4C37E-B6CA-4176-B98D-E1C9E66472EA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9981:-:*:*:*:*:*:*:*", matchCriteriaId: "62282860-5EAF-45EA-B36E-6B6F124C3096", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In asf extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561383.", }, { lang: "es", value: "En asf extractor, se presenta una posible lectura fuera de límites debido a un desbordamiento de enteros. Esto podría conllevar a una divulgación de información local sin ser necesarios privilegios de ejecución adicionales. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05489178; ID del Problema: ALPS05561383.", }, ], id: "CVE-2021-0621", lastModified: "2024-11-21T05:43:02.060", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-18T15:15:08.163", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 08:04
Severity ?
Summary
In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849753; Issue ID: ALPS07849753.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 13.0 | ||
| mediatek | mt2713 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8781wifi | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8791wifi | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8797wifi | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781wifi:-:*:*:*:*:*:*:*", matchCriteriaId: "DC1B2D4B-C7C3-420C-9361-6C056B4BCA9E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791wifi:-:*:*:*:*:*:*:*", matchCriteriaId: "720F4AA0-6AAE-465F-8F50-F11DD11B5FA3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797wifi:-:*:*:*:*:*:*:*", matchCriteriaId: "9BD3FB61-EA42-4D3D-9867-7EBCD0B8F647", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849753; Issue ID: ALPS07849753.", }, { lang: "es", value: "En bluetooth driver, existe un posible acceso de lectura y escritura a los registros debido a un control de acceso inadecuado de la interfaz de registro. Esto podría provocar una fuga local de información confidencial que requiera privilegios de ejecución del sistema. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS07849753; ID del problema: ALPS07849753.", }, ], id: "CVE-2023-32809", lastModified: "2024-11-21T08:04:04.380", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-04T03:15:13.023", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-12-02 04:15
Modified
2025-04-22 13:55
Severity ?
Summary
In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09121847; Issue ID: MSV-1821.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@mediatek.com | https://corp.mediatek.com/product-security-bulletin/December-2024 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rdkcentral | rdk-b | 2022q3 | |
| rdkcentral | rdk-b | 2024q1 | |
| android | 12.0 | ||
| android | 13.0 | ||
| android | 14.0 | ||
| android | 15.0 | ||
| openwrt | openwrt | 19.07.0 | |
| openwrt | openwrt | 21.02.0 | |
| openwrt | openwrt | 23.05 | |
| mediatek | mt2737 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6878 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6880 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6890 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6897 | - | |
| mediatek | mt6980 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6989 | - | |
| mediatek | mt6990 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8370 | - | |
| mediatek | mt8390 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8676 | - | |
| mediatek | mt8678 | - | |
| mediatek | mt8755 | - | |
| mediatek | mt8775 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8795t | - | |
| mediatek | mt8796 | - | |
| mediatek | mt8798 | - | |
| mediatek | mt8893 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*", matchCriteriaId: "A1488152-CC93-40DF-8D1F-BF33DC8444FF", vulnerable: true, }, { criteria: "cpe:2.3:a:rdkcentral:rdk-b:2024q1:*:*:*:*:*:*:*", matchCriteriaId: "CB397DA1-62B3-48FD-B694-9FDA4DA25EDE", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", matchCriteriaId: "8538774C-906D-4B03-A3E7-FA7A55E0DA9E", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", matchCriteriaId: "4FA469E2-9E63-4C9A-8EBA-10C8C870063A", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", matchCriteriaId: "F0133207-2EED-4625-854F-8DB7770D5BF7", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:23.05:*:*:*:*:*:*:*", matchCriteriaId: "AED95D06-8EC6-4070-BE3C-E0F851D7FFC1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2737:-:*:*:*:*:*:*:*", matchCriteriaId: "9C2A1118-B5F7-4EF5-B329-0887B5F3430E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*", matchCriteriaId: "855A8046-34ED-4891-ACE5-76AB10AC8D53", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", matchCriteriaId: "68CF4A7A-3136-4C4C-A795-81323896BE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", matchCriteriaId: "171D1C08-F055-44C0-913C-AA2B73AF5B72", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", matchCriteriaId: "2A7D8055-F4B6-41EE-A078-11D56285AB66", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", matchCriteriaId: "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7DE6B2-66D9-4A3E-B15F-D56505559255", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", matchCriteriaId: "1A76806D-A4E3-466A-90CB-E9FFE478E7A0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2B6BB9-7544-41A7-BF3A-344AA4CC4B31", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", matchCriteriaId: "B774B7D7-B7DD-43A0-833F-7E39DF82CA60", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*", matchCriteriaId: "EE302F6F-170E-4350-A8F4-65BE0C50CB78", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", matchCriteriaId: "152A5F3D-8004-4649-BDB1-E6F0798AF1CB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8755:-:*:*:*:*:*:*:*", matchCriteriaId: "1CF88096-5CBD-4A4B-8F47-33D38985956F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*", matchCriteriaId: "DE5FB550-7264-4879-BAF9-6798949113AF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*", matchCriteriaId: "78D4E9E1-B044-41EC-BE98-22DC0E5E9010", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*", matchCriteriaId: "DE933AD9-3A6F-421B-8AB3-C45F8DEA9548", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8893:-:*:*:*:*:*:*:*", matchCriteriaId: "CCFAADB1-C2B2-47A6-BB66-761B964E7DFB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09121847; Issue ID: MSV-1821.", }, { lang: "es", value: "En da, existe una posible lectura fuera de los límites debido a una verificación de los límites faltante. Esto podría provocar la divulgación de información local sin necesidad de privilegios de ejecución adicionales. No se necesita interacción del usuario para la explotación. ID de parche: ALPS09121847; ID de problema: MSV-1821.", }, ], id: "CVE-2024-20136", lastModified: "2025-04-22T13:55:43.890", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.5, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-12-02T04:15:05.920", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "security@mediatek.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-04 04:15
Modified
2024-11-21 08:04
Severity ?
Summary
In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08241940; Issue ID: ALPS08241940.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt2713 | - | |
| mediatek | mt6580 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6762 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8390 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*", matchCriteriaId: "16820CAF-0A8A-45C8-B5A8-979EA0407389", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*", matchCriteriaId: "08A26AC2-409E-499A-B0D5-8C2B5038947D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", matchCriteriaId: "C445EB80-6021-4E26-B74E-1B4B6910CE48", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", matchCriteriaId: "B774B7D7-B7DD-43A0-833F-7E39DF82CA60", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08241940; Issue ID: ALPS08241940.", }, { lang: "es", value: "En audio, hay una posible escritura fuera de los límites debido a una verificación de los límites faltantes. Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. Se necesita la interacción del usuario para la explotación. ID de parche: ALPS08241940; ID del problema: ALPS08241940.", }, ], id: "CVE-2023-32847", lastModified: "2024-11-21T08:04:10.647", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-04T04:15:07.663", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-06 13:15
Modified
2025-01-07 21:15
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 only); Issue ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 only).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rdkcentral | rdk-b | 2022q3 | |
| android | 12.0 | ||
| android | 13.0 | ||
| openwrt | openwrt | 19.07.0 | |
| openwrt | openwrt | 21.02.0 | |
| mediatek | mt6580 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6880 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6890 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6980 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6990 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*", matchCriteriaId: "A1488152-CC93-40DF-8D1F-BF33DC8444FF", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", matchCriteriaId: "4FA469E2-9E63-4C9A-8EBA-10C8C870063A", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", matchCriteriaId: "F0133207-2EED-4625-854F-8DB7770D5BF7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", matchCriteriaId: "68CF4A7A-3136-4C4C-A795-81323896BE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", matchCriteriaId: "171D1C08-F055-44C0-913C-AA2B73AF5B72", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", matchCriteriaId: "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", matchCriteriaId: "1A76806D-A4E3-466A-90CB-E9FFE478E7A0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 only); Issue ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 only).", }, ], id: "CVE-2023-20725", lastModified: "2025-01-07T21:15:10.227", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-06-06T13:15:11.937", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-04-06 18:15
Modified
2025-02-13 15:15
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648710; Issue ID: ALPS07648710.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt2715 | - | |
| mediatek | mt6580 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8675 | - | |
| mediatek | mt8696 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8771 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8795t | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - | |
| mediatek | mt8871 | - | |
| mediatek | mt8891 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2715:-:*:*:*:*:*:*:*", matchCriteriaId: "FA252F20-1BB7-4654-972C-F257F37396A7", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", matchCriteriaId: "03E6123A-7603-4EAB-AFFB-229E8A040709", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8696:-:*:*:*:*:*:*:*", matchCriteriaId: "26573298-76BC-49FE-8D99-CF03ED01B185", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8771:-:*:*:*:*:*:*:*", matchCriteriaId: "0D09F23D-D023-4A60-B426-61251FDD8A5A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*", matchCriteriaId: "78D4E9E1-B044-41EC-BE98-22DC0E5E9010", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8871:-:*:*:*:*:*:*:*", matchCriteriaId: "E1F80793-01B7-403A-A5F4-031F82FAC77A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8891:-:*:*:*:*:*:*:*", matchCriteriaId: "C450B83A-913C-4E5B-B025-11071B6824D7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648710; Issue ID: ALPS07648710.", }, ], id: "CVE-2023-20670", lastModified: "2025-02-13T15:15:14.440", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-04-06T18:15:09.183", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-04 04:15
Modified
2024-11-21 08:04
Severity ?
Summary
In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363632; Issue ID: ALPS07363632.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8781 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363632; Issue ID: ALPS07363632.", }, { lang: "es", value: "En display drm, hay una posible escritura fuera de los límites debido a una verificación de los límites faltantes. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS07363632; ID del problema: ALPS07363632.", }, ], id: "CVE-2023-32868", lastModified: "2024-11-21T08:04:14.063", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-04T04:15:08.673", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-01 03:15
Modified
2025-04-23 13:48
Severity ?
Summary
In audio, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08024748; Issue ID: ALPS08029526.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| android | 14.0 | ||
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6875 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6989 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7DE6B2-66D9-4A3E-B15F-D56505559255", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In audio, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08024748; Issue ID: ALPS08029526.", }, { lang: "es", value: "En audio, existe una posible lectura fuera de los límites debido a un cálculo incorrecto del tamaño del búfer. Esto podría conducir a la divulgación de información local con privilegios de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS08024748; ID del problema: ALPS08029526.", }, ], id: "CVE-2024-20045", lastModified: "2025-04-23T13:48:02.027", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 1.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-04-01T03:15:08.103", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-06 13:15
Modified
2025-01-07 20:15
Severity ?
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
In vcu, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519121.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | iot-yocto | 22.2 | |
| linuxfoundation | yocto | 4.0 | |
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt5696 | - | |
| mediatek | mt5836 | - | |
| mediatek | mt5838 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6769 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6875 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8797 | - | |
| mediatek | mt9000 | - | |
| mediatek | mt9015 | - | |
| mediatek | mt9023 | - | |
| mediatek | mt9025 | - | |
| mediatek | mt9618 | - | |
| mediatek | mt9649 | - | |
| mediatek | mt9653 | - | |
| mediatek | mt9679 | - | |
| mediatek | mt9687 | - | |
| mediatek | mt9689 | - | |
| mediatek | mt9902 | - | |
| mediatek | mt9932 | - | |
| mediatek | mt9952 | - | |
| mediatek | mt9972 | - | |
| mediatek | mt9982 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:iot-yocto:22.2:*:*:*:*:*:*:*", matchCriteriaId: "B20DD930-83A1-4715-AD51-458ECA2578D8", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt5696:-:*:*:*:*:*:*:*", matchCriteriaId: "8A07610A-173B-4DF2-8DAD-D2FF07EB9A17", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt5836:-:*:*:*:*:*:*:*", matchCriteriaId: "222E4ECD-459A-4422-947F-FF26E026BC56", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt5838:-:*:*:*:*:*:*:*", matchCriteriaId: "E72667B1-71C3-4DB5-A5E4-BC8212B1B00B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", matchCriteriaId: "D23991D5-1893-49F4-8A06-D5E66C96C3B3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9000:-:*:*:*:*:*:*:*", matchCriteriaId: "F0200228-E2A8-4DBE-A4DA-7AC7D4B9DE99", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9015:-:*:*:*:*:*:*:*", matchCriteriaId: "354492FD-4052-41F8-805E-55F387AF8F17", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9023:-:*:*:*:*:*:*:*", matchCriteriaId: "591A2A8B-DB5D-42BC-99A6-0D0DAB45C645", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9025:-:*:*:*:*:*:*:*", matchCriteriaId: "A6133E43-E032-4334-88C7-116B27B3090D", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9618:-:*:*:*:*:*:*:*", matchCriteriaId: "311AFBA9-A0AD-4638-ACFF-0D4AC12FA127", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9649:-:*:*:*:*:*:*:*", matchCriteriaId: "C1C6E88C-46DD-45AB-88C1-B69FC0E25056", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9653:-:*:*:*:*:*:*:*", matchCriteriaId: "63BC3AE7-4180-4B8C-AB69-8AC4F502700D", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9679:-:*:*:*:*:*:*:*", matchCriteriaId: "717AE700-78CC-4750-92CB-C9293571EC7D", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9687:-:*:*:*:*:*:*:*", matchCriteriaId: "0BC2011E-7629-477E-A898-9748119F7A23", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9689:-:*:*:*:*:*:*:*", matchCriteriaId: "B84CEB95-BF9E-42E3-90F4-70B1C7EE41A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9902:-:*:*:*:*:*:*:*", matchCriteriaId: "A42C58EE-7A5A-42BE-9C64-1A0F3657AA05", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9932:-:*:*:*:*:*:*:*", matchCriteriaId: "DDB40D8E-E934-47B1-A3A9-102F39C2FF21", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9952:-:*:*:*:*:*:*:*", matchCriteriaId: "0407203F-F9DE-4899-B0E6-226A7E9952CA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9972:-:*:*:*:*:*:*:*", matchCriteriaId: "0C76B993-B660-41EB-A66A-96011A044BF6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt9982:-:*:*:*:*:*:*:*", matchCriteriaId: "5F8F0452-97F5-4BC6-AC85-42A24721F7CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In vcu, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519121.", }, ], id: "CVE-2023-20747", lastModified: "2025-01-07T20:15:28.907", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-06-06T13:15:14.887", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-843", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-843", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-01 03:15
Modified
2025-04-23 13:47
Severity ?
Summary
In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541769; Issue ID: ALPS08541769.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt2713 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6989 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8390 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8796 | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7DE6B2-66D9-4A3E-B15F-D56505559255", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", matchCriteriaId: "B774B7D7-B7DD-43A0-833F-7E39DF82CA60", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*", matchCriteriaId: "DE933AD9-3A6F-421B-8AB3-C45F8DEA9548", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541769; Issue ID: ALPS08541769.", }, { lang: "es", value: "En flashc, existe una posible divulgación de información debido a una excepción no detectada. Esto podría conducir a la divulgación de información local con privilegios de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS08541757; ID del problema: ALPS08541757.", }, ], id: "CVE-2024-20048", lastModified: "2025-04-23T13:47:45.370", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.5, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-04-01T03:15:08.280", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-248", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Summary
In imgsys, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326441.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", matchCriteriaId: "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*", matchCriteriaId: "DE093B34-F4CD-4052-8122-730D6537A91A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", matchCriteriaId: "2A7D8055-F4B6-41EE-A078-11D56285AB66", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In imgsys, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326441.", }, { lang: "es", value: "En imgsys, hay una posible escritura fuera de los límites debido a una falta de comprobación de rango válido. Esto podría llevar a una escalada local de privilegios con necesidad de privilegios de ejecución del sistema. Se necesita la interacción del usuario para la explotación. ID del parche: ALPS07326455; ID de la incidencia: ALPS07326441. ", }, ], id: "CVE-2023-20841", lastModified: "2024-11-21T07:41:40.223", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.6, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.6, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-09-04T03:15:11.003", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-18 15:15
Modified
2024-11-21 05:43
Severity ?
Summary
In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05654663; Issue ID: ALPS05654663.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05654663; Issue ID: ALPS05654663.", }, { lang: "es", value: "En apusys, se presenta una posible corrupción de memoria debido a un uso de memoria previamente liberada. Esto podría conllevar a una escalada de privilegios local con privilegios de ejecución System requeridos. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05654663; ID del Problema: ALPS05654663.", }, ], id: "CVE-2021-0670", lastModified: "2024-11-21T05:43:07.060", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-18T15:15:09.100", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-15 22:15
Modified
2025-01-24 17:15
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In widevine, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07643270; Issue ID: ALPS07643270.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 11.0 | ||
| android | 12.0 | ||
| mediatek | mt6762 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6769 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6875 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8797 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", matchCriteriaId: "C445EB80-6021-4E26-B74E-1B4B6910CE48", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", matchCriteriaId: "D23991D5-1893-49F4-8A06-D5E66C96C3B3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In widevine, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07643270; Issue ID: ALPS07643270.", }, ], id: "CVE-2023-20701", lastModified: "2025-01-24T17:15:09.410", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-05-15T22:15:10.787", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-04 02:15
Modified
2024-11-21 07:41
Severity ?
Summary
In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560720; Issue ID: ALPS07559800.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 11.0 | ||
| android | 12.0 | ||
| mediatek | mt6580 | - | |
| mediatek | mt6735 | - | |
| mediatek | mt6737 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6753 | - | |
| mediatek | mt6757 | - | |
| mediatek | mt6757c | - | |
| mediatek | mt6757cd | - | |
| mediatek | mt6757ch | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6762 | - | |
| mediatek | mt6763 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6769 | - | |
| mediatek | mt6771 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6875 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8675 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8797 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*", matchCriteriaId: "C82E144B-0BAD-47E1-A657-3A5880988FE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*", matchCriteriaId: "4E76B29F-007E-4445-B3F3-3FDC054FEB84", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*", matchCriteriaId: "7362AED0-47F2-4D48-A292-89F717F0697E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*", matchCriteriaId: "B4C27948-65A7-4B1E-9F10-6744D176A5C3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757c:-:*:*:*:*:*:*:*", matchCriteriaId: "D808EF4D-0A54-4324-8341-240F7AFABC40", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757cd:-:*:*:*:*:*:*:*", matchCriteriaId: "64EDB89E-8140-4202-97B3-9D7337E90FDE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757ch:-:*:*:*:*:*:*:*", matchCriteriaId: "D2C5CC4F-DA66-4980-A4BB-693987431A38", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", matchCriteriaId: "C445EB80-6021-4E26-B74E-1B4B6910CE48", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", matchCriteriaId: "2F19C76A-50DF-4ACA-BACA-07157B4D838B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", matchCriteriaId: "D23991D5-1893-49F4-8A06-D5E66C96C3B3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", matchCriteriaId: "03E6123A-7603-4EAB-AFFB-229E8A040709", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560720; Issue ID: ALPS07559800.", }, ], id: "CVE-2023-20768", lastModified: "2024-11-21T07:41:30.027", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-04T02:15:10.383", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/July-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/July-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-843", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-01 03:15
Modified
2025-04-23 13:47
Severity ?
Summary
In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541757.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 3.3 | |
| rdkcentral | rdk-b | 2022q3 | |
| android | 12.0 | ||
| android | 13.0 | ||
| android | 14.0 | ||
| openwrt | openwrt | 19.07.0 | |
| openwrt | openwrt | 21.02.0 | |
| mediatek | mt2713 | - | |
| mediatek | mt2737 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6880 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6890 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6980 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6989 | - | |
| mediatek | mt6990 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8390 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8796 | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*", matchCriteriaId: "2385F2C9-3EA1-424B-AB8D-A672BF1CBE56", vulnerable: true, }, { criteria: "cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*", matchCriteriaId: "A1488152-CC93-40DF-8D1F-BF33DC8444FF", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", matchCriteriaId: "4FA469E2-9E63-4C9A-8EBA-10C8C870063A", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", matchCriteriaId: "F0133207-2EED-4625-854F-8DB7770D5BF7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt2737:-:*:*:*:*:*:*:*", matchCriteriaId: "9C2A1118-B5F7-4EF5-B329-0887B5F3430E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", matchCriteriaId: "68CF4A7A-3136-4C4C-A795-81323896BE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", matchCriteriaId: "171D1C08-F055-44C0-913C-AA2B73AF5B72", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", matchCriteriaId: "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7DE6B2-66D9-4A3E-B15F-D56505559255", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", matchCriteriaId: "1A76806D-A4E3-466A-90CB-E9FFE478E7A0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", matchCriteriaId: "B774B7D7-B7DD-43A0-833F-7E39DF82CA60", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*", matchCriteriaId: "DE933AD9-3A6F-421B-8AB3-C45F8DEA9548", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541757.", }, { lang: "es", value: "En flashc, existe una posible divulgación de información debido a una excepción no detectada. Esto podría conducir a la divulgación de información local con privilegios de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS08541757; ID del problema: ALPS08541757.", }, ], id: "CVE-2024-20050", lastModified: "2025-04-23T13:47:32.820", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-04-01T03:15:08.383", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-922", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-15 22:15
Modified
2025-01-24 16:15
Severity ?
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
In pqframework, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629583; Issue ID: ALPS07629583.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt6580 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8673 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In pqframework, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629583; Issue ID: ALPS07629583.", }, ], id: "CVE-2023-20719", lastModified: "2025-01-24T16:15:29.153", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-05-15T22:15:11.273", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-11-04 02:15
Modified
2025-04-22 13:52
Severity ?
Summary
In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09036695; Issue ID: MSV-1713.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@mediatek.com | https://corp.mediatek.com/product-security-bulletin/November-2024 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", matchCriteriaId: "8538774C-906D-4B03-A3E7-FA7A55E0DA9E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09036695; Issue ID: MSV-1713.", }, { lang: "es", value: " En ccu, existe una posible escritura fuera de los límites debido a una verificación de los límites faltante. Esto podría provocar una escalada local de privilegios, siendo necesarios los permisos de ejecución de System. No se necesita interacción del usuario para la explotación. ID de parche: ALPS09036695; ID de problema: MSV-1713.", }, ], id: "CVE-2024-20115", lastModified: "2025-04-22T13:52:31.220", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-11-04T02:15:16.923", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "security@mediatek.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-04-06 18:15
Modified
2025-02-13 15:15
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310651; Issue ID: ALPS07292173.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*", matchCriteriaId: "78D4E9E1-B044-41EC-BE98-22DC0E5E9010", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310651; Issue ID: ALPS07292173.", }, ], id: "CVE-2023-20666", lastModified: "2025-02-13T15:15:14.217", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-04-06T18:15:09.130", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-02-05 06:15
Modified
2024-11-21 08:51
Severity ?
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation Patch ID: ALPS07835901; Issue ID: ALPS07835901.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 11.0 | ||
| android | 12.0 | ||
| android | 13.0 | ||
| android | 14.0 | ||
| mediatek | mt6735 | - | |
| mediatek | mt6737 | - | |
| mediatek | mt6739 | - | |
| mediatek | mt6753 | - | |
| mediatek | mt6757 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6763 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6771 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8183 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*", matchCriteriaId: "C82E144B-0BAD-47E1-A657-3A5880988FE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*", matchCriteriaId: "4E76B29F-007E-4445-B3F3-3FDC054FEB84", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*", matchCriteriaId: "7362AED0-47F2-4D48-A292-89F717F0697E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*", matchCriteriaId: "B4C27948-65A7-4B1E-9F10-6744D176A5C3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", matchCriteriaId: "2F19C76A-50DF-4ACA-BACA-07157B4D838B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", matchCriteriaId: "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation Patch ID: ALPS07835901; Issue ID: ALPS07835901.", }, { lang: "es", value: "En ged, existe una posible escritura fuera de los límites debido a un desbordamiento de enteros. Esto podría provocar una denegación de servicio local con los privilegios de ejecución de System necesarios. No se necesita la interacción del usuario para la explotación. ID de parche: ALPS07835901; ID del problema: ALPS07835901.", }, ], id: "CVE-2024-20016", lastModified: "2024-11-21T08:51:48.240", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-02-05T06:15:47.627", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/February-2024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/February-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-02 03:15
Modified
2024-11-21 08:04
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993539; Issue ID: ALPS07993539.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt6879 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt6989 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8390 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8675 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7DE6B2-66D9-4A3E-B15F-D56505559255", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", matchCriteriaId: "B774B7D7-B7DD-43A0-833F-7E39DF82CA60", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", matchCriteriaId: "03E6123A-7603-4EAB-AFFB-229E8A040709", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993539; Issue ID: ALPS07993539.", }, { lang: "es", value: "En camera middleware, existe una posible escritura fuera de límites debido a una validación de entrada faltante. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS07993539; ID del problema: ALPS07993539.", }, ], id: "CVE-2023-32827", lastModified: "2024-11-21T08:04:07.560", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-10-02T03:15:10.097", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/October-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/October-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-20", }, { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-04 02:15
Modified
2024-11-21 07:41
Severity ?
Summary
In wlan firmware, there is possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664711; Issue ID: ALPS07664711.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | yocto | 4.0 | |
| android | 11.0 | ||
| android | 12.0 | ||
| mediatek | mt6739 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8788 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", matchCriteriaId: "437D8F9D-67DF-47A5-9C96-5B51D1562951", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In wlan firmware, there is possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664711; Issue ID: ALPS07664711.", }, ], id: "CVE-2023-20693", lastModified: "2024-11-21T07:41:21.930", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-04T02:15:09.760", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/July-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/July-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-17 17:15
Modified
2024-11-21 05:43
Severity ?
Summary
In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687474.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687474.", }, { lang: "es", value: "En apusys, se presenta una posible corrupción de memoria debido a un uso de memoria previamente liberada. Esto podría conllevar a una escalada de privilegios local con privilegios de ejecución System requeridos. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05672107; ID de Incidencia: ALPS05687474", }, ], id: "CVE-2021-0893", lastModified: "2024-11-21T05:43:13.553", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-17T17:15:11.130", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-11-04 02:15
Modified
2025-04-22 13:53
Severity ?
Summary
In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09065928; Issue ID: MSV-1763.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@mediatek.com | https://corp.mediatek.com/product-security-bulletin/November-2024 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", matchCriteriaId: "8538774C-906D-4B03-A3E7-FA7A55E0DA9E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09065928; Issue ID: MSV-1763.", }, { lang: "es", value: "En ccu, existe una posible escritura fuera de los límites debido a una verificación de los límites faltante. Esto podría provocar una escalada local de privilegios, siendo necesarios los permisos de ejecución de System. No se necesita interacción del usuario para la explotación. ID de parche: ALPS09065928; ID de problema: MSV-1763.", }, ], id: "CVE-2024-20109", lastModified: "2025-04-22T13:53:16.270", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-11-04T02:15:16.387", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "security@mediatek.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-15 22:15
Modified
2025-01-23 22:15
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 13.0 | ||
| openwrt | openwrt | 19.07.0 | |
| openwrt | openwrt | 21.02.0 | |
| mediatek | mt6880 | - | |
| mediatek | mt6890 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8675 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8797 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", matchCriteriaId: "4FA469E2-9E63-4C9A-8EBA-10C8C870063A", vulnerable: true, }, { criteria: "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", matchCriteriaId: "F0133207-2EED-4625-854F-8DB7770D5BF7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", matchCriteriaId: "68CF4A7A-3136-4C4C-A795-81323896BE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", matchCriteriaId: "171D1C08-F055-44C0-913C-AA2B73AF5B72", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", matchCriteriaId: "03E6123A-7603-4EAB-AFFB-229E8A040709", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only).", }, ], id: "CVE-2023-20696", lastModified: "2025-01-23T22:15:10.733", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-05-15T22:15:10.563", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-04 04:15
Modified
2024-11-21 08:04
Severity ?
Summary
In display, there is a possible out of bounds read due to an incorrect status check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705; Issue ID: ALPS07993705.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In display, there is a possible out of bounds read due to an incorrect status check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705; Issue ID: ALPS07993705.", }, { lang: "es", value: "En display, hay una posible lectura fuera de los límites debido a una verificación de estado incorrecta. Esto podría conducir a la divulgación de información local con privilegios de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS07993705; ID del problema: ALPS07993705.", }, ], id: "CVE-2023-32856", lastModified: "2024-11-21T08:04:11.800", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-04T04:15:08.093", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 07:41
Severity ?
6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In pda, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608514; Issue ID: ALPS07608514.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In pda, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608514; Issue ID: ALPS07608514.", }, { lang: "es", value: "En pda, existe un posible use after free debido a una condición de ejecución. Esto podría llevar a una escalada local de privilegios con necesidad de privilegios de ejecución del sistema. No es necesaria la interacción del usuario para la explotación. ID de parche: ALPS07608514; ID del problema: ALPS07608514.", }, ], id: "CVE-2023-20834", lastModified: "2024-11-21T07:41:39.160", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.5, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.5, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-09-04T03:15:10.063", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-362", }, { lang: "en", value: "CWE-416", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-04-06 18:15
Modified
2025-02-12 16:15
Severity ?
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441821; Issue ID: ALPS07441821.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2715:-:*:*:*:*:*:*:*", matchCriteriaId: "FA252F20-1BB7-4654-972C-F257F37396A7", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6731:-:*:*:*:*:*:*:*", matchCriteriaId: "8BF784DB-3560-4045-BB32-F12DCF4C43B1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*", matchCriteriaId: "C82E144B-0BAD-47E1-A657-3A5880988FE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*", matchCriteriaId: "4E76B29F-007E-4445-B3F3-3FDC054FEB84", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*", matchCriteriaId: "7362AED0-47F2-4D48-A292-89F717F0697E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*", matchCriteriaId: "B4C27948-65A7-4B1E-9F10-6744D176A5C3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757c:-:*:*:*:*:*:*:*", matchCriteriaId: "D808EF4D-0A54-4324-8341-240F7AFABC40", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757cd:-:*:*:*:*:*:*:*", matchCriteriaId: "64EDB89E-8140-4202-97B3-9D7337E90FDE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757ch:-:*:*:*:*:*:*:*", matchCriteriaId: "D2C5CC4F-DA66-4980-A4BB-693987431A38", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", matchCriteriaId: "C445EB80-6021-4E26-B74E-1B4B6910CE48", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", matchCriteriaId: "2F19C76A-50DF-4ACA-BACA-07157B4D838B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", matchCriteriaId: "D23991D5-1893-49F4-8A06-D5E66C96C3B3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8169:-:*:*:*:*:*:*:*", matchCriteriaId: "E5375050-4568-4919-BFE3-A72E1C7E65A2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", matchCriteriaId: "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8192:-:*:*:*:*:*:*:*", matchCriteriaId: "422634C7-D280-4664-AEE2-AA5B6723B836", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", matchCriteriaId: "B774B7D7-B7DD-43A0-833F-7E39DF82CA60", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", matchCriteriaId: "03E6123A-7603-4EAB-AFFB-229E8A040709", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8696:-:*:*:*:*:*:*:*", matchCriteriaId: "26573298-76BC-49FE-8D99-CF03ED01B185", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8771:-:*:*:*:*:*:*:*", matchCriteriaId: "0D09F23D-D023-4A60-B426-61251FDD8A5A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*", matchCriteriaId: "78D4E9E1-B044-41EC-BE98-22DC0E5E9010", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8891:-:*:*:*:*:*:*:*", matchCriteriaId: "C450B83A-913C-4E5B-B025-11071B6824D7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441821; Issue ID: ALPS07441821.", }, ], id: "CVE-2023-20688", lastModified: "2025-02-12T16:15:36.617", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-04-06T18:15:09.810", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-07 04:15
Modified
2024-11-21 07:41
Severity ?
Summary
In dpe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608433; Issue ID: ALPS07608433.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In dpe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608433; Issue ID: ALPS07608433.", }, ], id: "CVE-2023-20807", lastModified: "2024-11-21T07:41:34.103", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-07T04:15:14.120", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-03-04 03:15
Modified
2025-04-22 20:18
Severity ?
Summary
In nvram, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08499945; Issue ID: ALPS08499945.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2B6BB9-7544-41A7-BF3A-344AA4CC4B31", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", matchCriteriaId: "B774B7D7-B7DD-43A0-833F-7E39DF82CA60", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", matchCriteriaId: "03E6123A-7603-4EAB-AFFB-229E8A040709", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*", matchCriteriaId: "EE302F6F-170E-4350-A8F4-65BE0C50CB78", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", matchCriteriaId: "152A5F3D-8004-4649-BDB1-E6F0798AF1CB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8755:-:*:*:*:*:*:*:*", matchCriteriaId: "1CF88096-5CBD-4A4B-8F47-33D38985956F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*", matchCriteriaId: "DE5FB550-7264-4879-BAF9-6798949113AF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8792:-:*:*:*:*:*:*:*", matchCriteriaId: "336FC69E-E89F-4642-B6B9-8009D9A2BD52", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*", matchCriteriaId: "DE933AD9-3A6F-421B-8AB3-C45F8DEA9548", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In nvram, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08499945; Issue ID: ALPS08499945.", }, { lang: "es", value: "En nvram, existe una posible divulgación de información debido a una verificación de los límites faltantes. Esto podría conducir a la divulgación de información local con privilegios de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS08499945; ID del problema: ALPS08499945.", }, ], id: "CVE-2024-20033", lastModified: "2025-04-22T20:18:33.123", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-03-04T03:15:07.630", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/March-2024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/March-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-01 03:15
Modified
2025-04-23 13:48
Severity ?
Summary
In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541780; Issue ID: ALPS08541780.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| android | 14.0 | ||
| mediatek | mt6739 | - | |
| mediatek | mt6757 | - | |
| mediatek | mt6761 | - | |
| mediatek | mt6763 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6771 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8183 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8395 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8678 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8796 | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8798 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*", matchCriteriaId: "B4C27948-65A7-4B1E-9F10-6744D176A5C3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", matchCriteriaId: "2F19C76A-50DF-4ACA-BACA-07157B4D838B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", matchCriteriaId: "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", matchCriteriaId: "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", matchCriteriaId: "152A5F3D-8004-4649-BDB1-E6F0798AF1CB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*", matchCriteriaId: "DE933AD9-3A6F-421B-8AB3-C45F8DEA9548", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", matchCriteriaId: "637CAAD2-DCC0-4F81-B781-5D0536844CA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541780; Issue ID: ALPS08541780.", }, { lang: "es", value: "En da, existe una posible escritura fuera de los límites debido a una verificación de los límites faltantes. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS08541784; ID del problema: ALPS08541784.", }, ], id: "CVE-2024-20042", lastModified: "2025-04-23T13:48:16.787", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.7, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-04-01T03:15:07.953", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-17 17:15
Modified
2024-11-21 05:43
Severity ?
Summary
In Audio Aurisys HAL, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05977326; Issue ID: ALPS05977326.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 10.0 | ||
| android | 11.0 | ||
| android | 12.0 | ||
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6875 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8183 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8771 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8797 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", matchCriteriaId: "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8771:-:*:*:*:*:*:*:*", matchCriteriaId: "0D09F23D-D023-4A60-B426-61251FDD8A5A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Audio Aurisys HAL, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05977326; Issue ID: ALPS05977326.", }, { lang: "es", value: "En Audio Aurisys HAL, se presenta una posible omisión de permisos debido a una falta de comprobación de permisos. Esto podría conllevar a una escalada de privilegios local sin ser necesarios privilegios de ejecución adicionales. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05977326; ID de Incidencia: ALPS05977326", }, ], id: "CVE-2021-0673", lastModified: "2024-11-21T05:43:07.417", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-17T17:15:10.737", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-862", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-17 17:15
Modified
2024-11-21 05:43
Severity ?
Summary
In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064237.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", matchCriteriaId: "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*", matchCriteriaId: "8DFAAD08-36DA-4C95-8200-C29FE5B6B854", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6570:-:*:*:*:*:*:*:*", matchCriteriaId: "975802CC-B130-4CF3-9B8E-A23DEA464259", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", matchCriteriaId: "46F71838-4E50-4F2A-9EB8-30AE5DF8511E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*", matchCriteriaId: "C82E144B-0BAD-47E1-A657-3A5880988FE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*", matchCriteriaId: "4E76B29F-007E-4445-B3F3-3FDC054FEB84", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", matchCriteriaId: "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6750:-:*:*:*:*:*:*:*", matchCriteriaId: "F51C9D91-A64F-446E-BC14-7C79B770C3A0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6750s:-:*:*:*:*:*:*:*", matchCriteriaId: "12A1CB8F-3C1C-4374-8D46-23175D1174DE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*", matchCriteriaId: "7362AED0-47F2-4D48-A292-89F717F0697E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6755:-:*:*:*:*:*:*:*", matchCriteriaId: "47BE9434-12D6-4801-8B04-7F18AF58E717", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6755s:-:*:*:*:*:*:*:*", matchCriteriaId: "7038AEA0-5BBE-44C9-92DE-96BDE3EEE45B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*", matchCriteriaId: "B4C27948-65A7-4B1E-9F10-6744D176A5C3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757c:-:*:*:*:*:*:*:*", matchCriteriaId: "D808EF4D-0A54-4324-8341-240F7AFABC40", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757cd:-:*:*:*:*:*:*:*", matchCriteriaId: "64EDB89E-8140-4202-97B3-9D7337E90FDE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6757ch:-:*:*:*:*:*:*:*", matchCriteriaId: "D2C5CC4F-DA66-4980-A4BB-693987431A38", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6758:-:*:*:*:*:*:*:*", matchCriteriaId: "B15C285A-0A26-46F7-9D72-CCADC47D93B0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", matchCriteriaId: "2F19C76A-50DF-4ACA-BACA-07157B4D838B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6797:-:*:*:*:*:*:*:*", matchCriteriaId: "CE7CC141-E2D6-4F28-B6F0-167E11869CD1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6799:-:*:*:*:*:*:*:*", matchCriteriaId: "FC0CAAE1-2BC9-49CA-AC68-2217A4258BDD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8163:-:*:*:*:*:*:*:*", matchCriteriaId: "1D2ED140-C41B-418B-9DC7-8C486304E769", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8176:-:*:*:*:*:*:*:*", matchCriteriaId: "1E5B22E8-3536-4DBC-8E71-3E14FE45A887", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", matchCriteriaId: "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064237.", }, { lang: "es", value: "En el descodificador alac, se presenta una posible lectura fuera de límites debido a una comprobación de límites incorrecta. Esto podría conllevar a una divulgación de información local sin ser necesarios privilegios de ejecución adicionales. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS06064258; ID de Incidencia: ALPS06064237", }, ], id: "CVE-2021-0674", lastModified: "2024-11-21T05:43:07.547", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-17T17:15:10.793", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-12-02 04:15
Modified
2025-04-22 13:49
Severity ?
Summary
In wlan driver, there is a possible out of bound read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998291; Issue ID: MSV-1604.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@mediatek.com | https://corp.mediatek.com/product-security-bulletin/December-2024 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mediatek:software_development_kit:*:*:*:*:*:*:*:*", matchCriteriaId: "717EE6D8-BCB9-4F8B-AC18-5B2CD6F847CC", versionEndIncluding: "3.3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", matchCriteriaId: "2700BCC5-634D-4EC6-AB67-5B678D5F951D", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", matchCriteriaId: "8538774C-906D-4B03-A3E7-FA7A55E0DA9E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt3605:-:*:*:*:*:*:*:*", matchCriteriaId: "2F897E19-008E-4DC8-B4CB-BF27044B9F5C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7DE6B2-66D9-4A3E-B15F-D56505559255", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", matchCriteriaId: "1A76806D-A4E3-466A-90CB-E9FFE478E7A0", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7925:-:*:*:*:*:*:*:*", matchCriteriaId: "27CFC9DF-2F4C-469A-8A19-A260B1134CFE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt7927:-:*:*:*:*:*:*:*", matchCriteriaId: "05525018-AFE0-415C-A71C-A77922C7D637", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*", matchCriteriaId: "DA2B6BB9-7544-41A7-BF3A-344AA4CC4B31", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", matchCriteriaId: "B774B7D7-B7DD-43A0-833F-7E39DF82CA60", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In wlan driver, there is a possible out of bound read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998291; Issue ID: MSV-1604.", }, { lang: "es", value: "En el controlador WLAN, existe una posible lectura fuera de los límites debido a una validación de entrada incorrecta. Esto podría provocar la divulgación de información remota sin necesidad de privilegios de ejecución adicionales. No se necesita interacción del usuario para la explotación. ID de parche: ALPS08998291; ID de problema: MSV-1604.", }, ], id: "CVE-2024-20138", lastModified: "2025-04-22T13:49:26.753", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-12-02T04:15:06.133", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2024", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "security@mediatek.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-04 03:15
Modified
2024-11-21 08:04
Severity ?
Summary
In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849751; Issue ID: ALPS07849751.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 13.0 | ||
| mediatek | mt2713 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8666 | - | |
| mediatek | mt8667 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8781 | - | |
| mediatek | mt8781wifi | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8791t | - | |
| mediatek | mt8791wifi | - | |
| mediatek | mt8797 | - | |
| mediatek | mt8797wifi | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", matchCriteriaId: "7D1135F9-E38C-4308-BD32-A4D83959282E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", matchCriteriaId: "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", matchCriteriaId: "2FE14B46-C1CA-465F-8578-059FA2ED30EB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781wifi:-:*:*:*:*:*:*:*", matchCriteriaId: "DC1B2D4B-C7C3-420C-9361-6C056B4BCA9E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", matchCriteriaId: "1BB05B1D-77C9-4E42-91AD-9F087413DC20", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791wifi:-:*:*:*:*:*:*:*", matchCriteriaId: "720F4AA0-6AAE-465F-8F50-F11DD11B5FA3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797wifi:-:*:*:*:*:*:*:*", matchCriteriaId: "9BD3FB61-EA42-4D3D-9867-7EBCD0B8F647", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849751; Issue ID: ALPS07849751.", }, { lang: "es", value: "En el controlador Bluetooth, existe un posible acceso de lectura y escritura a los registros debido a un control de acceso inadecuado de la interfaz de registro. Esto podría conducir a la fuga local de información sensible con privilegios de ejecución del sistema necesarios. No es necesaria la interacción del usuario para su explotación. ID del parche: ALPS07849751; ID de la incidencia: ALPS07849751.", }, ], id: "CVE-2023-32808", lastModified: "2024-11-21T08:04:04.250", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-04T03:15:12.840", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-17 17:15
Modified
2024-11-21 05:43
Severity ?
Summary
In geniezone driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863009; Issue ID: ALPS05863009.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 8.1 | ||
| android | 9.0 | ||
| android | 10.0 | ||
| android | 11.0 | ||
| mediatek | mt6762 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6769 | - | |
| mediatek | mt6771 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6853t | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6875 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6891 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt8163 | - | |
| mediatek | mt8167 | - | |
| mediatek | mt8167s | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8173 | - | |
| mediatek | mt8175 | - | |
| mediatek | mt8183 | - | |
| mediatek | mt8185 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8321 | - | |
| mediatek | mt8362a | - | |
| mediatek | mt8365 | - | |
| mediatek | mt8385 | - | |
| mediatek | mt8735a | - | |
| mediatek | mt8735b | - | |
| mediatek | mt8765 | - | |
| mediatek | mt8766 | - | |
| mediatek | mt8768 | - | |
| mediatek | mt8771 | - | |
| mediatek | mt8786 | - | |
| mediatek | mt8788 | - | |
| mediatek | mt8789 | - | |
| mediatek | mt8791 | - | |
| mediatek | mt8797 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", matchCriteriaId: "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*", matchCriteriaId: "8DFAAD08-36DA-4C95-8200-C29FE5B6B854", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", matchCriteriaId: "D558D965-FA70-4822-A770-419E73BA9ED3", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", matchCriteriaId: "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", matchCriteriaId: "C445EB80-6021-4E26-B74E-1B4B6910CE48", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", matchCriteriaId: "D23991D5-1893-49F4-8A06-D5E66C96C3B3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", matchCriteriaId: "BE4D2AED-C713-407F-A34A-52C3D8F65835", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", matchCriteriaId: "328DA6BE-1303-4646-89B7-2EC8DC444532", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", matchCriteriaId: "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8163:-:*:*:*:*:*:*:*", matchCriteriaId: "1D2ED140-C41B-418B-9DC7-8C486304E769", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", matchCriteriaId: "3B5FE245-6346-4078-A3D0-E5F79BB636B8", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", matchCriteriaId: "639C5BDE-2E83-427A-BAB7-85EA9348AC68", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", matchCriteriaId: "4452EFCF-5733-40A0-8726-F8E33E569411", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", matchCriteriaId: "582F1041-CD84-4763-AD6F-E08DD11F689F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", matchCriteriaId: "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", matchCriteriaId: "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", matchCriteriaId: "793B7F88-79E7-4031-8AD0-35C9BFD073C4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", matchCriteriaId: "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", matchCriteriaId: "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", matchCriteriaId: "299378ED-41CE-4966-99B1-65D2BA1215EF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8735a:-:*:*:*:*:*:*:*", matchCriteriaId: "45A7A805-EFED-47B3-884C-158FF1EECAEC", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8735b:-:*:*:*:*:*:*:*", matchCriteriaId: "E1BB519B-9BA4-4D4A-8ED1-CE79E56E70E4", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", matchCriteriaId: "3AACF35D-27E0-49AF-A667-13585C8B8071", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", matchCriteriaId: "CE45F606-2E75-48BC-9D1B-99D504974CBF", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", matchCriteriaId: "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8771:-:*:*:*:*:*:*:*", matchCriteriaId: "0D09F23D-D023-4A60-B426-61251FDD8A5A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", matchCriteriaId: "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", matchCriteriaId: "FE10C121-F2AD-43D2-8FF9-A6C197858220", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", matchCriteriaId: "1505AD53-987E-4328-8E1D-F5F1EC12B677", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", matchCriteriaId: "9CD2C3EC-B62D-4616-964F-FDBE5B14A449", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", matchCriteriaId: "2B469BF4-5961-42E9-814B-1BE06D182E45", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In geniezone driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863009; Issue ID: ALPS05863009.", }, { lang: "es", value: "En el controlador geniezone, se presenta una posible lectura fuera de límites debido a una comprobación de límites incorrecta. Esto podría conllevar a una divulgación de información local con privilegios de ejecución System requeridos. No es requerida una interacción del usuario para su explotación. ID del Parche: ALPS05863009; ID de Incidencia: ALPS05863009", }, ], id: "CVE-2021-0676", lastModified: "2024-11-21T05:43:07.780", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-17T17:15:10.933", references: [ { source: "security@android.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], sourceIdentifier: "security@android.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-04 04:15
Modified
2024-11-21 08:04
Severity ?
Summary
In display drm, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363740; Issue ID: ALPS07363740.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | 12.0 | ||
| android | 13.0 | ||
| mediatek | mt6761 | - | |
| mediatek | mt6765 | - | |
| mediatek | mt6768 | - | |
| mediatek | mt6779 | - | |
| mediatek | mt6781 | - | |
| mediatek | mt6785 | - | |
| mediatek | mt6789 | - | |
| mediatek | mt6833 | - | |
| mediatek | mt6835 | - | |
| mediatek | mt6853 | - | |
| mediatek | mt6855 | - | |
| mediatek | mt6873 | - | |
| mediatek | mt6877 | - | |
| mediatek | mt6879 | - | |
| mediatek | mt6883 | - | |
| mediatek | mt6885 | - | |
| mediatek | mt6886 | - | |
| mediatek | mt6889 | - | |
| mediatek | mt6893 | - | |
| mediatek | mt6895 | - | |
| mediatek | mt6983 | - | |
| mediatek | mt6985 | - | |
| mediatek | mt8168 | - | |
| mediatek | mt8183 | - | |
| mediatek | mt8188 | - | |
| mediatek | mt8195 | - | |
| mediatek | mt8673 | - | |
| mediatek | mt8781 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", matchCriteriaId: "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", vulnerable: true, }, { criteria: "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", matchCriteriaId: "879FFD0C-9B38-4CAA-B057-1086D794D469", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", matchCriteriaId: "F726F486-A86F-4215-AD93-7A07A071844A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", matchCriteriaId: "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", matchCriteriaId: "06CD97E1-8A76-48B4-9780-9698EF5A960F", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", matchCriteriaId: "EBA369B8-8E23-492B-82CC-23114E6A5D1C", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", matchCriteriaId: "C4EEE021-6B2A-47A0-AC6B-55525A40D718", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", matchCriteriaId: "A82E0A4F-072F-474C-B94C-8114ABE05639", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", matchCriteriaId: "8B9B0D82-82C1-4A77-A016-329B99C45F49", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", matchCriteriaId: "9814939B-F05E-4870-90C0-7C0F6BAAEB39", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", matchCriteriaId: "19A63103-C708-48EC-B44D-5E465A6B79C5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", matchCriteriaId: "366F1912-756B-443E-9962-224937DD7DFB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", matchCriteriaId: "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", matchCriteriaId: "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", matchCriteriaId: "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", matchCriteriaId: "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", matchCriteriaId: "15E2EC3F-9FB3-488B-B1C1-2793A416C755", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", matchCriteriaId: "DD64413C-C774-4C4F-9551-89E1AA9469EE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", matchCriteriaId: "AF3E2B84-DAFE-4E11-B23B-026F719475F5", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", matchCriteriaId: "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", matchCriteriaId: "213B5C7F-D965-4312-9CDF-4F06FA77D401", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", matchCriteriaId: "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", matchCriteriaId: "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", matchCriteriaId: "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", matchCriteriaId: "3CE2FC35-716A-4706-97BA-5DB165041580", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", matchCriteriaId: "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", matchCriteriaId: "BA3D4A45-38EE-4125-AE67-89D1C707F95A", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", matchCriteriaId: "ED210E64-6CE7-42B1-849E-68C0E22521F6", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", matchCriteriaId: "152F6606-FA23-4530-AA07-419866B74CB3", vulnerable: false, }, { criteria: "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", matchCriteriaId: "533284E5-C3AF-48D3-A287-993099DB2E41", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In display drm, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363740; Issue ID: ALPS07363740.", }, { lang: "es", value: "En display drm, hay una posible lectura fuera de los límites debido a una verificación de los límites faltantes. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS07363740; ID del problema: ALPS07363740.", }, ], id: "CVE-2023-32870", lastModified: "2024-11-21T08:04:14.310", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-04T04:15:08.760", references: [ { source: "security@mediatek.com", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], sourceIdentifier: "security@mediatek.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2023-32885
Vulnerability from cvelistv5
Published
2024-01-02 02:49
Modified
2025-04-17 18:52
Severity ?
EPSS score ?
Summary
In display drm, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780685; Issue ID: ALPS07780685.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:32:45.835Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/January-2024", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-32885", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-01-09T15:21:27.278544Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-17T18:52:16.226Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8168, MT8188, MT8195, MT8766, MT8768, MT8781, MT8789, MT8791T, MT8798", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In display drm, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780685; Issue ID: ALPS07780685.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-02T02:49:58.321Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/January-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32885", datePublished: "2024-01-02T02:49:58.321Z", dateReserved: "2023-05-16T03:04:32.173Z", dateUpdated: "2025-04-17T18:52:16.226Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20666
Vulnerability from cvelistv5
Published
2023-04-06 00:00
Modified
2025-02-13 14:58
Severity ?
EPSS score ?
Summary
In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310651; Issue ID: ALPS07292173.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6789, MT6855, MT6895, MT6983, MT8188, MT8195, MT8365, MT8781, MT8795T, MT8798 |
Version: Android 12.0, 13.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:39.893Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20666", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-13T14:57:41.806737Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-13T14:58:19.337Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6789, MT6855, MT6895, MT6983, MT8188, MT8195, MT8365, MT8781, MT8795T, MT8798", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310651; Issue ID: ALPS07292173.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-06T00:00:00.000Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/April-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20666", datePublished: "2023-04-06T00:00:00.000Z", dateReserved: "2022-10-28T00:00:00.000Z", dateUpdated: "2025-02-13T14:58:19.337Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20111
Vulnerability from cvelistv5
Published
2024-11-04 01:48
Modified
2025-03-13 16:36
Severity ?
EPSS score ?
Summary
In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09065033; Issue ID: MSV-1754.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6765, MT6768, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8188, MT8195 |
Version: Android 12.0, 13.0, 14.0, 15.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6765", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6768", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6833", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6853", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6873", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6877", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6885", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6893", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "12.0", }, { status: "affected", version: "13.0", }, { status: "affected", version: "14.0", }, { status: "affected", version: "15.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20111", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-04T10:49:58.056723Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-13T16:36:05.169Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6765, MT6768, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8188, MT8195", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0, 14.0, 15.0", }, ], }, ], descriptions: [ { lang: "en", value: "In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09065033; Issue ID: MSV-1754.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-04T01:48:49.170Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/November-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20111", datePublished: "2024-11-04T01:48:49.170Z", dateReserved: "2023-11-02T13:35:35.178Z", dateUpdated: "2025-03-13T16:36:05.169Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0901
Vulnerability from cvelistv5
Published
2021-12-17 16:10
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05664618.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/December-2021 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797 |
Version: Android 10.0, 11.0, 12.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.432Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", vendor: "n/a", versions: [ { status: "affected", version: "Android 10.0, 11.0, 12.0", }, ], }, ], descriptions: [ { lang: "en", value: "In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05664618.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-17T16:10:14", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0901", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", version: { version_data: [ { version_value: "Android 10.0, 11.0, 12.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05664618.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/December-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0901", datePublished: "2021-12-17T16:10:14", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.432Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32814
Vulnerability from cvelistv5
Published
2023-09-04 02:28
Modified
2024-10-08 20:11
Severity ?
EPSS score ?
Summary
In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08031947; Issue ID: ALPS08031947.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:37.092Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-32814", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T14:00:20.400550Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T20:11:58.933Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2713, MT2735, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6895, MT6980, MT6983, MT6985, MT6990, MT8168, MT8175, MT8188, MT8195, MT8365, MT8666, MT8667, MT8673", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08031947; Issue ID: ALPS08031947.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:28:23.879Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32814", datePublished: "2023-09-04T02:28:23.879Z", dateReserved: "2023-05-16T03:04:32.146Z", dateUpdated: "2024-10-08T20:11:58.933Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20775
Vulnerability from cvelistv5
Published
2023-07-04 01:44
Modified
2024-12-04 16:23
Severity ?
EPSS score ?
Summary
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07978760; Issue ID: ALPS07363410.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6739, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6885, MT6886, MT6889, MT6890, MT6893, MT6895, MT6983, MT6985, MT6990, MT8168, MT8183, MT8195, MT8673, MT8781 |
Version: Android 12.0, 13.0 / OpenWrt 21.02 / RDKB 2022Q3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:41.088Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/July-2023", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20775", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-04T16:22:40.243485Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-04T16:23:07.238Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6739, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6885, MT6886, MT6889, MT6890, MT6893, MT6895, MT6983, MT6985, MT6990, MT8168, MT8183, MT8195, MT8673, MT8781", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0 / OpenWrt 21.02 / RDKB 2022Q3", }, ], }, ], descriptions: [ { lang: "en", value: "In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07978760; Issue ID: ALPS07363410.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-04T01:44:43.844Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/July-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20775", datePublished: "2023-07-04T01:44:43.844Z", dateReserved: "2022-10-28T02:03:10.775Z", dateUpdated: "2024-12-04T16:23:07.238Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20704
Vulnerability from cvelistv5
Published
2023-05-15 00:00
Modified
2025-01-24 19:23
Severity ?
EPSS score ?
Summary
In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767826; Issue ID: ALPS07767826.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8183, MT8195 |
Version: Android 12.0, 13.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.450Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20704", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-24T19:23:23.086061Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1284", description: "CWE-1284 Improper Validation of Specified Quantity in Input", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-24T19:23:28.291Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8183, MT8195", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767826; Issue ID: ALPS07767826.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-15T00:00:00.000Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20704", datePublished: "2023-05-15T00:00:00.000Z", dateReserved: "2022-10-28T00:00:00.000Z", dateUpdated: "2025-01-24T19:23:28.291Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32812
Vulnerability from cvelistv5
Published
2023-09-04 02:28
Modified
2024-10-21 18:03
Severity ?
EPSS score ?
Summary
In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local esclation of privileges with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017365; Issue ID: ALPS08017365.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2713, MT2735, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6895, MT6980, MT6983, MT6985, MT6990, MT8168, MT8175, MT8188, MT8195, MT8365 |
Version: Android 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:36.993Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6855t:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6883:*:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8365", vendor: "mediatek", versions: [ { status: "affected", version: "Android 13.0", }, { status: "affected", version: "OpenWrt 1907", }, { status: "affected", version: "OpenWrt 2102", }, { status: "affected", version: "Yocto 2.6", }, { status: "affected", version: "RDK-B 22Q3", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-32812", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T17:15:34.549974Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-21T18:03:30.573Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2713, MT2735, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6895, MT6980, MT6983, MT6985, MT6990, MT8168, MT8175, MT8188, MT8195, MT8365", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3", }, ], }, ], descriptions: [ { lang: "en", value: "In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local esclation of privileges with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017365; Issue ID: ALPS08017365.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:28:20.521Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32812", datePublished: "2023-09-04T02:28:20.521Z", dateReserved: "2023-05-16T03:04:32.146Z", dateUpdated: "2024-10-21T18:03:30.573Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20845
Vulnerability from cvelistv5
Published
2023-09-04 02:27
Modified
2024-10-08 20:12
Severity ?
EPSS score ?
Summary
In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07197795; Issue ID: ALPS07340357.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6895, MT6897, MT6983, MT8188, MT8195, MT8395 |
Version: Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:41.202Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20845", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T14:00:27.692507Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T20:12:45.420Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6895, MT6897, MT6983, MT8188, MT8195, MT8395", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0", }, ], }, ], descriptions: [ { lang: "en", value: "In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07197795; Issue ID: ALPS07340357.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:27:57.105Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20845", datePublished: "2023-09-04T02:27:57.105Z", dateReserved: "2022-10-28T02:03:23.692Z", dateUpdated: "2024-10-08T20:12:45.420Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20850
Vulnerability from cvelistv5
Published
2023-09-04 02:28
Modified
2024-10-01 17:38
Severity ?
EPSS score ?
Summary
In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340381.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781 |
Version: Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:41.111Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "yocto", vendor: "linuxfoundation", versions: [ { status: "affected", version: "4.0", }, ], }, { cpes: [ "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iot_yocto", vendor: "mediatek", versions: [ { status: "affected", version: "23.0", }, ], }, { cpes: [ "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "11.0", }, ], }, { cpes: [ "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "12.0", }, ], }, { cpes: [ "cpe:2.3:o:linux:linux_kernel:6.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "linux_kernel", vendor: "linux", versions: [ { status: "affected", version: "6.1", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20850", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-01T17:22:21.552027Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-01T17:38:18.992Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0", }, ], }, ], descriptions: [ { lang: "en", value: "In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340381.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:28:05.423Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20850", datePublished: "2023-09-04T02:28:05.423Z", dateReserved: "2022-10-28T02:03:23.696Z", dateUpdated: "2024-10-01T17:38:18.992Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20746
Vulnerability from cvelistv5
Published
2023-06-06 12:11
Modified
2025-01-07 19:22
Severity ?
EPSS score ?
Summary
In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519217.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6789, MT6855, MT8167, MT8168, MT8173, MT8185, MT8195, MT8321, MT8365, MT8395, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797 |
Version: Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.970Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20746", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-07T19:21:54.476533Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-667", description: "CWE-667 Improper Locking", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-07T19:22:00.478Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6789, MT6855, MT8167, MT8168, MT8173, MT8185, MT8195, MT8321, MT8365, MT8395, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2", }, ], }, ], descriptions: [ { lang: "en", value: "In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519217.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-06T12:11:43.256Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20746", datePublished: "2023-06-06T12:11:43.256Z", dateReserved: "2022-10-28T02:03:10.769Z", dateUpdated: "2025-01-07T19:22:00.478Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32827
Vulnerability from cvelistv5
Published
2023-10-02 02:05
Modified
2024-09-21 15:23
Severity ?
EPSS score ?
Summary
In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993539; Issue ID: ALPS07993539.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:37.067Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/October-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6879", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6886", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6895", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6983", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6985", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6989", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8167", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8167s", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8168", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8173", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8175", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8185", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8321", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8362a", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8365", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8385", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8390", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8395", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8666", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8673", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8675", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8765", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8766", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8768", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8781", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8786", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8788", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8789", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8791", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8791t", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8797", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8798", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "12.0", }, { status: "affected", version: "13.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-32827", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-21T15:22:10.766198Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-21T15:23:18.113Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6879, MT6886, MT6895, MT6983, MT6985, MT6989, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993539; Issue ID: ALPS07993539.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-02T02:05:38.331Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/October-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32827", datePublished: "2023-10-02T02:05:38.331Z", dateReserved: "2023-05-16T03:04:32.150Z", dateUpdated: "2024-09-21T15:23:18.113Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20826
Vulnerability from cvelistv5
Published
2023-09-04 02:27
Modified
2024-10-28 01:34
Severity ?
EPSS score ?
Summary
In cta, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07978550; Issue ID: ALPS07978550.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:41.203Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20826", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-10T16:54:20.332097Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862 Missing Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-28T01:34:15.973Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6580, MT6761, MT6765, MT6779, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6895, MT6983, MT6985, MT8168, MT8175, MT8188, MT8195, MT8365, MT8673", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In cta, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07978550; Issue ID: ALPS07978550.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:27:25.656Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20826", datePublished: "2023-09-04T02:27:25.656Z", dateReserved: "2022-10-28T02:03:23.683Z", dateUpdated: "2024-10-28T01:34:15.973Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20743
Vulnerability from cvelistv5
Published
2023-06-06 12:11
Modified
2025-01-07 21:01
Severity ?
EPSS score ?
Summary
In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519142.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6789, MT6855, MT8185, MT8195, MT8365, MT8395, MT8781, MT8786, MT8789, MT8791, MT8797 |
Version: Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.955Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20743", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-07T21:01:46.711289Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-667", description: "CWE-667 Improper Locking", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-07T21:01:51.314Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6789, MT6855, MT8185, MT8195, MT8365, MT8395, MT8781, MT8786, MT8789, MT8791, MT8797", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2", }, ], }, ], descriptions: [ { lang: "en", value: "In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519142.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-06T12:11:37.191Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20743", datePublished: "2023-06-06T12:11:37.191Z", dateReserved: "2022-10-28T02:03:10.768Z", dateUpdated: "2025-01-07T21:01:51.314Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-20638
Vulnerability from cvelistv5
Published
2025-02-03 03:23
Modified
2025-02-03 15:58
Severity ?
EPSS score ?
Summary
In DA, there is a possible read of uninitialized heap data due to uninitialized data. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291449; Issue ID: MSV-2066.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2025-20638", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-03T15:55:43.058184Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-03T15:58:37.948Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8167S, MT8175, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8678, MT8765, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798, MT8893", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0, 14.0, 15.0", }, ], }, ], descriptions: [ { lang: "en", value: "In DA, there is a possible read of uninitialized heap data due to uninitialized data. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291449; Issue ID: MSV-2066.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-457", description: "CWE-457 Use of Uninitialized Variable", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-03T03:23:59.474Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/February-2025", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2025-20638", datePublished: "2025-02-03T03:23:59.474Z", dateReserved: "2024-11-01T01:21:50.363Z", dateUpdated: "2025-02-03T15:58:37.948Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20798
Vulnerability from cvelistv5
Published
2023-08-07 03:21
Modified
2024-10-17 14:31
Severity ?
EPSS score ?
Summary
In pda, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07147572; Issue ID: ALPS07421076.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2713, MT6855, MT6879, MT6886, MT6895, MT6983, MT6985, MT8188, MT8195, MT8395, MT8673 |
Version: Android 12.0, 13.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.989Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20798", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-17T14:30:56.120536Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-17T14:31:09.769Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2713, MT6855, MT6879, MT6886, MT6895, MT6983, MT6985, MT8188, MT8195, MT8395, MT8673", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In pda, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07147572; Issue ID: ALPS07421076.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-07T03:21:34.035Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20798", datePublished: "2023-08-07T03:21:34.035Z", dateReserved: "2022-10-28T02:03:10.781Z", dateUpdated: "2024-10-17T14:31:09.769Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32829
Vulnerability from cvelistv5
Published
2023-10-02 02:05
Modified
2024-09-21 15:20
Severity ?
EPSS score ?
Summary
In apusys, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07713478; Issue ID: ALPS07713478.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6879, MT6886, MT6891, MT6895, MT6896, MT6983, MT6985, MT8137, MT8139, MT8188, MT8195, MT8195Z, MT8390, MT8395 |
Version: Android 12.0, 13.0 / Yocto 3.1, 3.3, 4.0 / IOT-v23.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:37.079Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/October-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6879", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6886", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6891", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6895", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6896:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6896", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6983", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6985", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8137:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8137", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8139:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8139", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195z:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195z", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8390", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8395", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*", "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "12.0", }, { status: "affected", version: "13.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-32829", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-21T15:20:25.750588Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190 Integer Overflow or Wraparound", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-21T15:20:30.194Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6879, MT6886, MT6891, MT6895, MT6896, MT6983, MT6985, MT8137, MT8139, MT8188, MT8195, MT8195Z, MT8390, MT8395", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0 / Yocto 3.1, 3.3, 4.0 / IOT-v23.0", }, ], }, ], descriptions: [ { lang: "en", value: "In apusys, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07713478; Issue ID: ALPS07713478.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-02T02:05:42.049Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/October-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32829", datePublished: "2023-10-02T02:05:42.049Z", dateReserved: "2023-05-16T03:04:32.150Z", dateUpdated: "2024-09-21T15:20:30.194Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20130
Vulnerability from cvelistv5
Published
2024-12-02 03:07
Modified
2024-12-03 04:55
Severity ?
EPSS score ?
Summary
In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09193374; Issue ID: MSV-1982.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6739", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6761", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6765", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6768", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6781", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6789", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6833", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6835", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6853", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6855", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6877", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6878", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6879", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6883", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6885", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6886", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6889", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6893", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6895", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6896:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6896", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6897", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6983", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6985", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6989", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8676", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8678", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8696:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8696", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8796", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20130", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-02T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-03T04:55:26.732Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6896, MT6897, MT6983, MT6985, MT6989, MT8195, MT8676, MT8678, MT8696, MT8796", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 14.0, 15.0", }, ], }, ], descriptions: [ { lang: "en", value: "In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09193374; Issue ID: MSV-1982.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121 Stack Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-02T03:07:00.229Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/December-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20130", datePublished: "2024-12-02T03:07:00.229Z", dateReserved: "2023-11-02T13:35:35.180Z", dateUpdated: "2024-12-03T04:55:26.732Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20040
Vulnerability from cvelistv5
Published
2024-04-01 02:34
Modified
2025-03-13 18:23
Severity ?
EPSS score ?
Summary
In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08360153 (for MT6XXX chipsets) / WCNCR00363530 (for MT79XX chipsets); Issue ID: MSV-979.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2713, MT6580, MT6761, MT6762, MT6768, MT6781, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6983, MT6985, MT6989, MT6990, MT7902, MT7915, MT7916, MT7920, MT7921, MT7922, MT7925, MT7927, MT7981, MT7986, MT8188, MT8195, MT8370, MT8390, MT8395, MT8518S, MT8532, MT8673, MT8678, MT8781, MT8791T, MT8792, MT8796, MT8797, MT8798 |
Version: Android 12.0, 13.0, 14.0 / Linux 4.19 / Yocto 3.3, 4.0 / OpenWrt 19.07, 21.02 / RDK-B 22Q3 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6768", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6781", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt2713", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6580", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6761", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6762", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6789", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6833", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6853", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6853t", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6855", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6873", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6875", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6877", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6879", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6883", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6885", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6886", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6889", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6890", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6891", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6893", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6895", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6983", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6985", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6989", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6990", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt7902:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt7902", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt7915:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt7915", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt7916:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt7916", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt7920:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt7920", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt7921:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt7921", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt7922:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt7922", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt7925:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt7925", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt7927:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt7927", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt7981:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt7981", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt7986:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt7986", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8370", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8390", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8395", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8518s:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8518s", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8532", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8673", vendor: "mediatek", versions: [ { status: "affected", version: "-", }, ], }, { cpes: [ "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "12.0", }, { status: "affected", version: "13.0", }, { status: "affected", version: "14.0", }, ], }, { cpes: [ "cpe:2.3:o:linux:linux_kernel:4.19:-:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "linux_kernel", vendor: "linux", versions: [ { status: "affected", version: "4.19", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20040", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-02T17:44:22.021834Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-13T18:23:26.908Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:52:31.513Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT2713, MT6580, MT6761, MT6762, MT6768, MT6781, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6983, MT6985, MT6989, MT6990, MT7902, MT7915, MT7916, MT7920, MT7921, MT7922, MT7925, MT7927, MT7981, MT7986, MT8188, MT8195, MT8370, MT8390, MT8395, MT8518S, MT8532, MT8673, MT8678, MT8781, MT8791T, MT8792, MT8796, MT8797, MT8798", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0, 14.0 / Linux 4.19 / Yocto 3.3, 4.0 / OpenWrt 19.07, 21.02 / RDK-B 22Q3", }, ], }, ], descriptions: [ { lang: "en", value: "In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08360153 (for MT6XXX chipsets) / WCNCR00363530 (for MT79XX chipsets); Issue ID: MSV-979.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-01T02:34:53.921Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20040", datePublished: "2024-04-01T02:34:53.921Z", dateReserved: "2023-11-02T13:35:35.154Z", dateUpdated: "2025-03-13T18:23:26.908Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20725
Vulnerability from cvelistv5
Published
2023-06-06 12:12
Modified
2025-01-07 20:13
Severity ?
EPSS score ?
Summary
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 only); Issue ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 only).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8167, MT8175, MT8195, MT8365, MT8385, MT8673, MT8781, MT8788, MT8789 |
Version: Android 12.0, 13.0 / OpenWrt 19.07, 21.02 / RDK-B 2022Q3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.965Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20725", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-07T20:12:10.519743Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-07T20:13:21.695Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8167, MT8175, MT8195, MT8365, MT8385, MT8673, MT8781, MT8788, MT8789", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0 / OpenWrt 19.07, 21.02 / RDK-B 2022Q3", }, ], }, ], descriptions: [ { lang: "en", value: "In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 only); Issue ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 only).", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-06T12:12:12.278Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20725", datePublished: "2023-06-06T12:12:12.278Z", dateReserved: "2022-10-28T02:03:10.766Z", dateUpdated: "2025-01-07T20:13:21.695Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20042
Vulnerability from cvelistv5
Published
2024-04-01 02:34
Modified
2024-08-01 21:52
Severity ?
EPSS score ?
Summary
In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541780; Issue ID: ALPS08541780.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6739", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6757", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6761", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6763", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6765", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6768", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6771", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6779", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6781", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6785", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6833", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6853", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6873", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6877", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6885", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6893", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8167", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8168", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8173", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8175", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8183", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8321", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8362a", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8365", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8385", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8395", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8666", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8673", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20042", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-01T19:22:00.900461Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:40:33.889Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:52:31.563Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6739, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8168, MT8173, MT8175, MT8183, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8673, MT8678, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8796, MT8797, MT8798", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0, 14.0", }, ], }, ], descriptions: [ { lang: "en", value: "In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541780; Issue ID: ALPS08541780.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-01T02:34:59.065Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20042", datePublished: "2024-04-01T02:34:59.065Z", dateReserved: "2023-11-02T13:35:35.156Z", dateUpdated: "2024-08-01T21:52:31.563Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20786
Vulnerability from cvelistv5
Published
2023-08-07 03:21
Modified
2024-12-04 15:14
Severity ?
EPSS score ?
Summary
In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767811; Issue ID: ALPS07767811.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.941Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20786", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-04T15:13:52.652027Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-04T15:14:25.900Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2713, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8175, MT8188, MT8195, MT8362A, MT8365, MT8673", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767811; Issue ID: ALPS07767811.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-07T03:21:12.540Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20786", datePublished: "2023-08-07T03:21:12.540Z", dateReserved: "2022-10-28T02:03:10.777Z", dateUpdated: "2024-12-04T15:14:25.900Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20731
Vulnerability from cvelistv5
Published
2023-06-06 12:11
Modified
2025-01-08 14:59
Severity ?
EPSS score ?
Summary
In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573495; Issue ID: ALPS07573495.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.963Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20731", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-08T14:59:39.633328Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-08T14:59:48.975Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT7663, MT7668, MT7902, MT7921, MT8167, MT8167S, MT8173, MT8175, MT8195, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8666, MT8695, MT8781, MT8788", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0 / Yocto 3.1,3.3,4.0", }, ], }, ], descriptions: [ { lang: "en", value: "In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573495; Issue ID: ALPS07573495.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-06T12:11:13.200Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20731", datePublished: "2023-06-06T12:11:13.200Z", dateReserved: "2022-10-28T02:03:10.767Z", dateUpdated: "2025-01-08T14:59:48.975Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32884
Vulnerability from cvelistv5
Published
2024-01-02 02:49
Modified
2024-08-02 15:32
Severity ?
EPSS score ?
Summary
In netdagent, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944011; Issue ID: ALPS07944011.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:32:46.441Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/January-2024", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT2713, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8188, MT8192, MT8195, MT8195Z, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8696, MT8755, MT8765, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8871", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In netdagent, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944011; Issue ID: ALPS07944011.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-02T02:49:56.354Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/January-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32884", datePublished: "2024-01-02T02:49:56.354Z", dateReserved: "2023-05-16T03:04:32.173Z", dateUpdated: "2024-08-02T15:32:46.441Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0679
Vulnerability from cvelistv5
Published
2021-12-17 16:10
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687781.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/December-2021 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797 |
Version: Android 10.0, 11.0, 12.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.405Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", vendor: "n/a", versions: [ { status: "affected", version: "Android 10.0, 11.0, 12.0", }, ], }, ], descriptions: [ { lang: "en", value: "In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687781.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-17T16:10:08", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0679", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", version: { version_data: [ { version_value: "Android 10.0, 11.0, 12.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687781.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/December-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0679", datePublished: "2021-12-17T16:10:08", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.405Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32867
Vulnerability from cvelistv5
Published
2023-12-04 03:46
Modified
2024-08-02 15:32
Severity ?
EPSS score ?
Summary
In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560793; Issue ID: ALPS07560793.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:32:46.473Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8188, MT8195, MT8673, MT8781", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560793; Issue ID: ALPS07560793.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-04T03:46:19.835Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32867", datePublished: "2023-12-04T03:46:19.835Z", dateReserved: "2023-05-16T03:04:32.162Z", dateUpdated: "2024-08-02T15:32:46.473Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20749
Vulnerability from cvelistv5
Published
2023-06-06 12:11
Modified
2025-01-07 19:09
Severity ?
EPSS score ?
Summary
In swpm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780926; Issue ID: ALPS07780926.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.931Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20749", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-07T19:09:45.150222Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-07T19:09:50.168Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6789, MT6835, MT6855, MT6879, MT6886, MT6893, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8175, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8791T, MT8797", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In swpm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780926; Issue ID: ALPS07780926.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-06T12:11:47.207Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20749", datePublished: "2023-06-06T12:11:47.207Z", dateReserved: "2022-10-28T02:03:10.770Z", dateUpdated: "2025-01-07T19:09:50.168Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-20643
Vulnerability from cvelistv5
Published
2025-02-03 03:24
Modified
2025-02-03 17:15
Severity ?
EPSS score ?
Summary
In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2056.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "LOW", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2025-20643", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-03T17:13:46.867459Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-03T17:15:03.076Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8167S, MT8175, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8678, MT8765, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798, MT8893", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0, 14.0, 15.0", }, ], }, ], descriptions: [ { lang: "en", value: "In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2056.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1295", description: "CWE-1295 Debug Messages Revealing Unnecessary Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-03T03:24:08.097Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/February-2025", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2025-20643", datePublished: "2025-02-03T03:24:08.097Z", dateReserved: "2024-11-01T01:21:50.364Z", dateUpdated: "2025-02-03T17:15:03.076Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20806
Vulnerability from cvelistv5
Published
2023-08-07 03:21
Modified
2024-10-17 14:33
Severity ?
EPSS score ?
Summary
In hcp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07537437.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2713, MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673 |
Version: Android 12.0, 13.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.972Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt2713", vendor: "mediatek", versions: [ { status: "affected", version: "Android 12.0", }, { status: "affected", version: "Android 13.0", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6879", vendor: "mediatek", versions: [ { status: "affected", version: "Android 12.0", }, { status: "affected", version: "Android 13.0", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6895", vendor: "mediatek", versions: [ { status: "affected", version: "Android 12.0", }, { status: "affected", version: "Android 13.0", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6983", vendor: "mediatek", versions: [ { status: "affected", version: "Android 12.0", }, { status: "affected", version: "Android 13.0", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { status: "affected", version: "Android 12.0", }, { status: "affected", version: "Android 13.0", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { status: "affected", version: "Android 12.0", }, { status: "affected", version: "Android 13.0", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8395", vendor: "mediatek", versions: [ { status: "affected", version: "Android 12.0", }, { status: "affected", version: "Android 13.0", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8673", vendor: "mediatek", versions: [ { status: "affected", version: "Android 12.0", }, { status: "affected", version: "Android 13.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-20806", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-17T14:25:59.271346Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-17T14:33:52.021Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2713, MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In hcp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07537437.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-07T03:21:50.672Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20806", datePublished: "2023-08-07T03:21:50.672Z", dateReserved: "2022-10-28T02:03:23.671Z", dateUpdated: "2024-10-17T14:33:52.021Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32859
Vulnerability from cvelistv5
Published
2023-12-04 03:46
Modified
2024-10-17 15:20
Severity ?
EPSS score ?
Summary
In meta, there is a possible classic buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08000473; Issue ID: ALPS08000473.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:32:46.661Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6893:*:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8675:*:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8797", vendor: "mediatek", versions: [ { status: "affected", version: "Android 12.0", }, { status: "affected", version: "Android 13.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-32859", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T17:15:02.983895Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-17T15:20:45.998Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8188T, MT8195, MT8321, MT8362A, MT8365, MT8390, MT8395, MT8666, MT8675, MT8766, MT8768, MT8786, MT8788, MT8789, MT8797", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In meta, there is a possible classic buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08000473; Issue ID: ALPS08000473.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-04T03:46:07.877Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32859", datePublished: "2023-12-04T03:46:07.877Z", dateReserved: "2023-05-16T03:04:32.160Z", dateUpdated: "2024-10-17T15:20:45.998Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32822
Vulnerability from cvelistv5
Published
2023-10-02 02:05
Modified
2024-09-23 15:23
Severity ?
EPSS score ?
Summary
In ftm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07994229; Issue ID: ALPS07994229.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:37.057Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/October-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt2713", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6739", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6761", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6762", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6765", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6768", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6769", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6771", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6779", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6781", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6833", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6835", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6855", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6877", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6879", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6883", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6885", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6886", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6889", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6891", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6893", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6895", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6985", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8167", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8167s", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8168", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8175", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8321", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8362a", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8365", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8385", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8390", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8765", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8766", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8768", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8781", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8786", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8788", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8789", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8791", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8797", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8798", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "12.0", }, { status: "affected", version: "13.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-32822", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-23T15:21:42.816055Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-23T15:23:49.381Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2713, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6833, MT6835, MT6855, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6985, MT8167, MT8167S, MT8168, MT8175, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8797, MT8798", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In ftm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07994229; Issue ID: ALPS07994229.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-02T02:05:31.556Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/October-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32822", datePublished: "2023-10-02T02:05:31.556Z", dateReserved: "2023-05-16T03:04:32.148Z", dateUpdated: "2024-09-23T15:23:49.381Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20673
Vulnerability from cvelistv5
Published
2023-05-15 00:00
Modified
2025-01-24 16:30
Severity ?
EPSS score ?
Summary
In vcu, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519103.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT5696, MT5836, MT5838, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8185, MT8195, MT8395, MT8781, MT8786, MT8789, MT8791, MT8797, MT9000, MT9023, MT9025, MT9618, MT9653, MT9687, MT9689, MT9902, MT9932, MT9952, MT9972, MT9982 |
Version: Android 11.0, 12.0, 13.0 / Iot-Yocto 22.2 (Yocto 4.0) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.019Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20673", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-24T16:30:10.453334Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-843", description: "CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-24T16:30:14.579Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT5696, MT5836, MT5838, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8185, MT8195, MT8395, MT8781, MT8786, MT8789, MT8791, MT8797, MT9000, MT9023, MT9025, MT9618, MT9653, MT9687, MT9689, MT9902, MT9932, MT9952, MT9972, MT9982", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 11.0, 12.0, 13.0 / Iot-Yocto 22.2 (Yocto 4.0)", }, ], }, ], descriptions: [ { lang: "en", value: "In vcu, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519103.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-15T00:00:00.000Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20673", datePublished: "2023-05-15T00:00:00.000Z", dateReserved: "2022-10-28T00:00:00.000Z", dateUpdated: "2025-01-24T16:30:14.579Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20750
Vulnerability from cvelistv5
Published
2023-06-06 12:11
Modified
2025-01-07 19:07
Severity ?
EPSS score ?
Summary
In swpm, there is a possible out of bounds write due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780926; Issue ID: ALPS07780928.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.954Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20750", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-07T19:07:42.652304Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-362", description: "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-07T19:07:56.663Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6835, MT6886, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8175, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8791T, MT8797", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In swpm, there is a possible out of bounds write due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780926; Issue ID: ALPS07780928.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-06T12:11:49.210Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20750", datePublished: "2023-06-06T12:11:49.210Z", dateReserved: "2022-10-28T02:03:10.770Z", dateUpdated: "2025-01-07T19:07:56.663Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20147
Vulnerability from cvelistv5
Published
2025-02-03 03:24
Modified
2025-02-03 16:24
Severity ?
EPSS score ?
Summary
In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389046 (Note: For MT79XX chipsets) / ALPS09136501 (Note: For MT2737, MT3603, MT6XXX, and MT8XXX chipsets); Issue ID: MSV-1797.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2737, MT3603, MT6835, MT6878, MT6886, MT6897, MT6985, MT6989, MT6990, MT7902, MT7920, MT7921, MT7922, MT7925, MT7927, MT8195, MT8370, MT8390, MT8395, MT8518S, MT8532, MT8678 |
Version: Android 13.0, 14.0, 15.0 / SDK release 2.5, 3.5 and before / openWRT 23.05 / Yocto 3.3, 4.0, 5.0 |
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20147", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-03T16:19:17.342826Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-617", description: "CWE-617 Reachable Assertion", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-03T16:24:37.635Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2737, MT3603, MT6835, MT6878, MT6886, MT6897, MT6985, MT6989, MT6990, MT7902, MT7920, MT7921, MT7922, MT7925, MT7927, MT8195, MT8370, MT8390, MT8395, MT8518S, MT8532, MT8678", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 13.0, 14.0, 15.0 / SDK release 2.5, 3.5 and before / openWRT 23.05 / Yocto 3.3, 4.0, 5.0", }, ], }, ], descriptions: [ { lang: "en", value: "In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389046 (Note: For MT79XX chipsets) / ALPS09136501 (Note: For MT2737, MT3603, MT6XXX, and MT8XXX chipsets); Issue ID: MSV-1797.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-617", description: "CWE-617 Reachable Assertion", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-03T03:24:09.635Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/February-2025", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20147", datePublished: "2025-02-03T03:24:09.635Z", dateReserved: "2023-11-02T13:35:35.186Z", dateUpdated: "2025-02-03T16:24:37.635Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32856
Vulnerability from cvelistv5
Published
2023-12-04 03:45
Modified
2024-08-29 13:34
Severity ?
EPSS score ?
Summary
In display, there is a possible out of bounds read due to an incorrect status check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705; Issue ID: ALPS07993705.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6765, MT6768, MT6833, MT6879, MT6883, MT6885, MT6889, MT6893, MT6983, MT6985, MT8188, MT8195, MT8797, MT8798 |
Version: Android 12.0, 13.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:32:46.655Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6765", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6768", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6833", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6879", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6883", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6885", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6889", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6893", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6983", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6985", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8797", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8798", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-32856", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-29T13:33:56.357241Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-29T13:34:31.127Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6765, MT6768, MT6833, MT6879, MT6883, MT6885, MT6889, MT6893, MT6983, MT6985, MT8188, MT8195, MT8797, MT8798", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In display, there is a possible out of bounds read due to an incorrect status check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705; Issue ID: ALPS07993705.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-04T03:45:54.891Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32856", datePublished: "2023-12-04T03:45:54.891Z", dateReserved: "2023-05-16T03:04:32.158Z", dateUpdated: "2024-08-29T13:34:31.127Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20831
Vulnerability from cvelistv5
Published
2023-09-04 02:27
Modified
2024-10-10 15:22
Severity ?
EPSS score ?
Summary
In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014162.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2735, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8167, MT8167S, MT8175, MT8195, MT8362A, MT8365 |
Version: Android 12.0, 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.994Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt2735", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6761", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6762", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6765", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6768", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6769", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6779", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6833", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6835", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6853", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6853t", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6855", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6873", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6875", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6877", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6879", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6880", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6883", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6885", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6886", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6889", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6890", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6891", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6893", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6895", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6980", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6983", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6985", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6990", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8167", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8167s", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8175", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8362a", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8365", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "12.0", }, { status: "affected", version: "13.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20831", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-10T15:21:56.960191Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-10T15:22:06.368Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2735, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8167, MT8167S, MT8175, MT8195, MT8362A, MT8365", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3", }, ], }, ], descriptions: [ { lang: "en", value: "In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014162.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:27:34.059Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20831", datePublished: "2023-09-04T02:27:34.059Z", dateReserved: "2022-10-28T02:03:23.685Z", dateUpdated: "2024-10-10T15:22:06.368Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20655
Vulnerability from cvelistv5
Published
2023-04-06 00:00
Modified
2025-03-17 18:21
Severity ?
EPSS score ?
Summary
In mmsdk, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203022; Issue ID: ALPS07203022.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.107Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20655", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-17T18:21:14.383477Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-17T18:21:40.208Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2715, MT6580, MT6735, MT6737, MT6739, MT6753, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8192, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8871, MT8891", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 10.0, 11.0, 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In mmsdk, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203022; Issue ID: ALPS07203022.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-06T00:00:00.000Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/April-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20655", datePublished: "2023-04-06T00:00:00.000Z", dateReserved: "2022-10-28T00:00:00.000Z", dateUpdated: "2025-03-17T18:21:40.208Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20011
Vulnerability from cvelistv5
Published
2024-02-05 05:59
Modified
2024-08-01 21:52
Severity ?
EPSS score ?
Summary
In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6985, MT8127, MT8135, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8176, MT8183, MT8185, MT8188, MT8188T, MT8195, MT8195Z, MT8312C, MT8312D |
Version: Android 11.0, 12.0, 13.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T21:52:31.596Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/February-2024", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6985, MT8127, MT8135, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8176, MT8183, MT8185, MT8188, MT8188T, MT8195, MT8195Z, MT8312C, MT8312D", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 11.0, 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-05T05:59:32.380Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/February-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20011", datePublished: "2024-02-05T05:59:32.380Z", dateReserved: "2023-11-02T13:35:35.149Z", dateUpdated: "2024-08-01T21:52:31.596Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20751
Vulnerability from cvelistv5
Published
2023-06-06 12:11
Modified
2025-01-07 19:02
Severity ?
EPSS score ?
Summary
In keymange, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07825502; Issue ID: ALPS07825502.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT8167, MT8167S, MT8168, MT8175, MT8195, MT8362A, MT8365 |
Version: Android 12.0, 13.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.966Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20751", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-07T19:02:35.307388Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-07T19:02:40.257Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT8167, MT8167S, MT8168, MT8175, MT8195, MT8362A, MT8365", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In keymange, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07825502; Issue ID: ALPS07825502.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-06T12:11:51.177Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20751", datePublished: "2023-06-06T12:11:51.177Z", dateReserved: "2022-10-28T02:03:10.770Z", dateUpdated: "2025-01-07T19:02:40.257Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20803
Vulnerability from cvelistv5
Published
2023-08-07 03:21
Modified
2024-10-22 15:14
Severity ?
EPSS score ?
Summary
In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326374.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2713, MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673 |
Version: Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.970Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt2713", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6879", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6895", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6983", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8395", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8673", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "12.0", }, { status: "affected", version: "13.0", }, ], }, { cpes: [ "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "yocto", vendor: "linuxfoundation", versions: [ { status: "affected", version: "4.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20803", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-22T14:59:45.539222Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-22T15:14:20.728Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2713, MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0)", }, ], }, ], descriptions: [ { lang: "en", value: "In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326374.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-07T03:21:44.390Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20803", datePublished: "2023-08-07T03:21:44.390Z", dateReserved: "2022-10-28T02:03:23.671Z", dateUpdated: "2024-10-22T15:14:20.728Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20113
Vulnerability from cvelistv5
Published
2024-11-04 01:48
Modified
2024-11-04 10:48
Severity ?
EPSS score ?
Summary
In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09036814; Issue ID: MSV-1715.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6765, MT6768, MT8188, MT8195 |
Version: Android 12.0, 13.0, 14.0, 15.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6765", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6768", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "12.0", }, { status: "affected", version: "13.0", }, { status: "affected", version: "14.0", }, { status: "affected", version: "15.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20113", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-04T10:48:06.261238Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-04T10:48:11.559Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6765, MT6768, MT8188, MT8195", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0, 14.0, 15.0", }, ], }, ], descriptions: [ { lang: "en", value: "In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09036814; Issue ID: MSV-1715.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-04T01:48:56.773Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/November-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20113", datePublished: "2024-11-04T01:48:56.773Z", dateReserved: "2023-11-02T13:35:35.178Z", dateUpdated: "2024-11-04T10:48:11.559Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20688
Vulnerability from cvelistv5
Published
2023-04-06 00:00
Modified
2025-02-12 15:22
Severity ?
EPSS score ?
Summary
In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441821; Issue ID: ALPS07441821.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.591Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20688", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-12T15:21:29.259466Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-12T15:22:47.750Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2715, MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8167, MT8168, MT8169, MT8173, MT8175, MT8183, MT8185, MT8188, MT8192, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8673, MT8675, MT8696, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8891", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 11.0, 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441821; Issue ID: ALPS07441821.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-06T00:00:00.000Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/April-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20688", datePublished: "2023-04-06T00:00:00.000Z", dateReserved: "2022-10-28T00:00:00.000Z", dateUpdated: "2025-02-12T15:22:47.750Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20841
Vulnerability from cvelistv5
Published
2023-09-04 02:27
Modified
2024-10-21 17:25
Severity ?
EPSS score ?
Summary
In imgsys, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326441.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8673 |
Version: Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.995Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8673", vendor: "mediatek", versions: [ { status: "affected", version: "Android 11.0", }, { status: "affected", version: "Android 12.0", }, { status: "affected", version: "Linux 6.1", }, { status: "affected", version: "IOT-v23.0", }, { status: "affected", version: "Yocto 4.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20841", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T17:15:39.302243Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-21T17:25:15.440Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8673", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0", }, ], }, ], descriptions: [ { lang: "en", value: "In imgsys, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326441.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:27:50.280Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20841", datePublished: "2023-09-04T02:27:50.280Z", dateReserved: "2022-10-28T02:03:23.690Z", dateUpdated: "2024-10-21T17:25:15.440Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20051
Vulnerability from cvelistv5
Published
2024-04-01 02:35
Modified
2024-11-04 14:33
Severity ?
EPSS score ?
Summary
In flashc, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541758.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2713, MT2737, MT6781, MT6789, MT6835, MT6855, MT6879, MT6880, MT6886, MT6890, MT6895, MT6980, MT6983, MT6985, MT6989, MT6990, MT8167, MT8168, MT8173, MT8175, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8796, MT8797, MT8798 |
Version: Android 12.0, 13.0, 14.0 / OpenWrt 19.07, 21.02 / Yocto 3.3 / RDK-B 22Q3 |
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 2.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20051", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-01T17:48:41.268314Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-04T14:33:43.217Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:52:31.598Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT2713, MT2737, MT6781, MT6789, MT6835, MT6855, MT6879, MT6880, MT6886, MT6890, MT6895, MT6980, MT6983, MT6985, MT6989, MT6990, MT8167, MT8168, MT8173, MT8175, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8796, MT8797, MT8798", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0, 14.0 / OpenWrt 19.07, 21.02 / Yocto 3.3 / RDK-B 22Q3", }, ], }, ], descriptions: [ { lang: "en", value: "In flashc, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541758.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-01T02:35:14.528Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20051", datePublished: "2024-04-01T02:35:14.528Z", dateReserved: "2023-11-02T13:35:35.159Z", dateUpdated: "2024-11-04T14:33:43.217Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32815
Vulnerability from cvelistv5
Published
2023-09-04 02:28
Modified
2024-10-08 20:11
Severity ?
EPSS score ?
Summary
In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08037801; Issue ID: ALPS08037801.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2713, MT2735, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6895, MT6980, MT6983, MT6985, MT6990, MT8168, MT8175, MT8188, MT8188T, MT8195, MT8365 |
Version: Android 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:37.121Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-32815", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T14:00:17.767811Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T20:11:52.179Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2713, MT2735, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6895, MT6980, MT6983, MT6985, MT6990, MT8168, MT8175, MT8188, MT8188T, MT8195, MT8365", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3", }, ], }, ], descriptions: [ { lang: "en", value: "In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08037801; Issue ID: ALPS08037801.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:28:25.569Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32815", datePublished: "2023-09-04T02:28:25.569Z", dateReserved: "2023-05-16T03:04:32.146Z", dateUpdated: "2024-10-08T20:11:52.179Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32817
Vulnerability from cvelistv5
Published
2023-09-04 02:28
Modified
2024-10-08 20:39
Severity ?
EPSS score ?
Summary
In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044035.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:37.059Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-32817", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T14:00:15.323540Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T20:39:56.429Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2713, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6895, MT6983, MT6985, MT8168, MT8175, MT8188, MT8195, MT8365, MT8666, MT8667, MT8673", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044035.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:28:28.890Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32817", datePublished: "2023-09-04T02:28:28.890Z", dateReserved: "2023-05-16T03:04:32.147Z", dateUpdated: "2024-10-08T20:39:56.429Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20694
Vulnerability from cvelistv5
Published
2023-05-15 00:00
Modified
2025-01-23 21:33
Severity ?
EPSS score ?
Summary
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only).
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.774Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20694", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-23T21:31:37.322913Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T21:33:03.006Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6580, MT6739, MT6761, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6789, MT6853, MT6855, MT6873, MT6879, MT6880, MT6885, MT6890, MT6895, MT6983, MT8167, MT8175, MT8185, MT8195, MT8321, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0 / OpenWrt 19.07, 21.02", }, ], }, ], descriptions: [ { lang: "en", value: "In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only).", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-15T00:00:00.000Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20694", datePublished: "2023-05-15T00:00:00.000Z", dateReserved: "2022-10-28T00:00:00.000Z", dateUpdated: "2025-01-23T21:33:03.006Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20043
Vulnerability from cvelistv5
Published
2024-04-01 02:35
Modified
2024-08-01 21:52
Severity ?
EPSS score ?
Summary
In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541781; Issue ID: ALPS08541781.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6739", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6757", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6761", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6763", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6765", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6768", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6771", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6779", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6781", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6785", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6833", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6853", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6873", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6877", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6885", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6893", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8167", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8168", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8173", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8175", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8185", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8321", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8362a", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8365", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8385", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8395", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8666", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8673", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20043", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-21T19:52:09.836241Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-23T18:28:44.325Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:52:31.762Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6739, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8168, MT8173, MT8175, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8673, MT8678, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8796, MT8797, MT8798", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0, 14.0", }, ], }, ], descriptions: [ { lang: "en", value: "In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541781; Issue ID: ALPS08541781.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-01T02:35:00.812Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20043", datePublished: "2024-04-01T02:35:00.812Z", dateReserved: "2023-11-02T13:35:35.156Z", dateUpdated: "2024-08-01T21:52:31.762Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20721
Vulnerability from cvelistv5
Published
2023-05-15 00:00
Modified
2025-01-24 15:03
Severity ?
EPSS score ?
Summary
In isp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07162155; Issue ID: ALPS07162155.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6879, MT6895, MT6983, MT8195, MT8395, MT8673 |
Version: Android 12.0, 13.0 / Iot-Yocto 22.2 (Yocto 4.0) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.969Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20721", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-24T15:02:37.270743Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-24T15:03:47.888Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6879, MT6895, MT6983, MT8195, MT8395, MT8673", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0 / Iot-Yocto 22.2 (Yocto 4.0)", }, ], }, ], descriptions: [ { lang: "en", value: "In isp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07162155; Issue ID: ALPS07162155.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-15T00:00:00.000Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20721", datePublished: "2023-05-15T00:00:00.000Z", dateReserved: "2022-10-28T00:00:00.000Z", dateUpdated: "2025-01-24T15:03:47.888Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-20640
Vulnerability from cvelistv5
Published
2025-02-03 03:24
Modified
2025-02-03 17:21
Severity ?
EPSS score ?
Summary
In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2059.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "LOW", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2025-20640", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-03T17:21:28.361630Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-03T17:21:58.142Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8167S, MT8175, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8678, MT8765, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798, MT8893", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0, 14.0, 15.0", }, ], }, ], descriptions: [ { lang: "en", value: "In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2059.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-03T03:24:03.332Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/February-2025", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2025-20640", datePublished: "2025-02-03T03:24:03.332Z", dateReserved: "2024-11-01T01:21:50.363Z", dateUpdated: "2025-02-03T17:21:58.142Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0672
Vulnerability from cvelistv5
Published
2021-11-18 14:54
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In Browser app, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-199678035
References
| ▼ | URL | Tags |
|---|---|---|
| https://source.android.com/security/bulletin/2021-11-01 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.235Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://source.android.com/security/bulletin/2021-11-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Android", vendor: "n/a", versions: [ { status: "affected", version: "Android SoC", }, ], }, ], descriptions: [ { lang: "en", value: "In Browser app, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-199678035", }, ], problemTypes: [ { descriptions: [ { description: "Information disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-15T18:05:34", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://source.android.com/security/bulletin/2021-11-01", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0672", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Android", version: { version_data: [ { version_value: "Android SoC", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Browser app, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-199678035", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://source.android.com/security/bulletin/2021-11-01", refsource: "MISC", url: "https://source.android.com/security/bulletin/2021-11-01", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0672", datePublished: "2021-11-18T14:54:11", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.235Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0671
Vulnerability from cvelistv5
Published
2021-11-18 14:58
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05664273; Issue ID: ALPS05664273.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/November-2021 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797 |
Version: Android 10.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.261Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", vendor: "n/a", versions: [ { status: "affected", version: "Android 10.0", }, ], }, ], descriptions: [ { lang: "en", value: "In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05664273; Issue ID: ALPS05664273.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-18T14:58:55", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0671", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", version: { version_data: [ { version_value: "Android 10.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05664273; Issue ID: ALPS05664273.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/November-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0671", datePublished: "2021-11-18T14:58:55", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.261Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32813
Vulnerability from cvelistv5
Published
2023-09-04 02:28
Modified
2024-10-08 20:12
Severity ?
EPSS score ?
Summary
In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017370; Issue ID: ALPS08017370.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2713, MT2735, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6895, MT6980, MT6983, MT6985, MT6990, MT8168, MT8175, MT8188, MT8195, MT8365, MT8666, MT8667, MT8673 |
Version: Android 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:37.090Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-32813", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T14:00:21.839774Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T20:12:06.387Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2713, MT2735, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6895, MT6980, MT6983, MT6985, MT6990, MT8168, MT8175, MT8188, MT8195, MT8365, MT8666, MT8667, MT8673", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3", }, ], }, ], descriptions: [ { lang: "en", value: "In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017370; Issue ID: ALPS08017370.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:28:22.213Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32813", datePublished: "2023-09-04T02:28:22.213Z", dateReserved: "2023-05-16T03:04:32.146Z", dateUpdated: "2024-10-08T20:12:06.387Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20790
Vulnerability from cvelistv5
Published
2023-08-07 03:21
Modified
2024-10-17 14:35
Severity ?
EPSS score ?
Summary
In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07740194; Issue ID: ALPS07740194.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.989Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20790", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-17T14:35:07.250648Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-17T14:35:32.306Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2713, MT2735, MT2737, MT6739, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0 / OpenWrt 19.07, 21.02 / RDK-B 22Q3 / Yocto 2.6, 3.3", }, ], }, ], descriptions: [ { lang: "en", value: "In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07740194; Issue ID: ALPS07740194.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-07T03:21:22.382Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20790", datePublished: "2023-08-07T03:21:22.382Z", dateReserved: "2022-10-28T02:03:10.778Z", dateUpdated: "2024-10-17T14:35:32.306Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20774
Vulnerability from cvelistv5
Published
2023-07-04 01:44
Modified
2024-12-04 16:21
Severity ?
EPSS score ?
Summary
In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292228; Issue ID: ALPS07292228.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6789, MT6835, MT6855, MT6886, MT6895, MT6983, MT6985, MT8195, MT8673, MT8781 |
Version: Android 12.0, 13.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:41.095Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/July-2023", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20774", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-04T16:21:43.941249Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-04T16:21:59.663Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6789, MT6835, MT6855, MT6886, MT6895, MT6983, MT6985, MT8195, MT8673, MT8781", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292228; Issue ID: ALPS07292228.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-04T01:44:41.321Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/July-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20774", datePublished: "2023-07-04T01:44:41.321Z", dateReserved: "2022-10-28T02:03:10.774Z", dateUpdated: "2024-12-04T16:21:59.663Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20033
Vulnerability from cvelistv5
Published
2024-03-04 02:43
Modified
2024-11-01 15:24
Severity ?
EPSS score ?
Summary
In nvram, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08499945; Issue ID: ALPS08499945.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20033", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-06T15:50:14.898059Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-01T15:24:40.621Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:52:31.482Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/March-2024", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT2713, MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6785, MT6789, MT6835, MT6855, MT6879, MT6883, MT6885, MT6886, MT6893, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8370, MT8385, MT8390, MT8395, MT8666, MT8667, MT8673, MT8675, MT8676, MT8678, MT8755, MT8765, MT8766, MT8768, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791, MT8792, MT8796, MT8797, MT8798", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0, 14.0", }, ], }, ], descriptions: [ { lang: "en", value: "In nvram, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08499945; Issue ID: ALPS08499945.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-04T02:43:48.493Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/March-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20033", datePublished: "2024-03-04T02:43:48.493Z", dateReserved: "2023-11-02T13:35:35.152Z", dateUpdated: "2024-11-01T15:24:40.621Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0622
Vulnerability from cvelistv5
Published
2021-11-18 14:55
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In asf extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561388.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/November-2021 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.181Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT5522, MT5527, MT5597, MT5598, MT5599, MT6580, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797, MT9256, MT9285, MT9286, MT9288, MT9629, MT9631, MT9632, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9670, MT9675, MT9685, MT9686, MT9688, MT9931, MT9950, MT9970, MT9980, MT9981", vendor: "n/a", versions: [ { status: "affected", version: "Android 10.0, 11.0", }, ], }, ], descriptions: [ { lang: "en", value: "In asf extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561388.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-18T14:55:30", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0622", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT5522, MT5527, MT5597, MT5598, MT5599, MT6580, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797, MT9256, MT9285, MT9286, MT9288, MT9629, MT9631, MT9632, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9670, MT9675, MT9685, MT9686, MT9688, MT9931, MT9950, MT9970, MT9980, MT9981", version: { version_data: [ { version_value: "Android 10.0, 11.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In asf extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561388.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/November-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0622", datePublished: "2021-11-18T14:55:30", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.181Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0896
Vulnerability from cvelistv5
Published
2021-12-17 16:10
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05671206.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/December-2021 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797 |
Version: Android 10.0, 11.0, 12.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.618Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", vendor: "n/a", versions: [ { status: "affected", version: "Android 10.0, 11.0, 12.0", }, ], }, ], descriptions: [ { lang: "en", value: "In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05671206.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-17T16:10:11", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0896", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", version: { version_data: [ { version_value: "Android 10.0, 11.0, 12.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05671206.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/December-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0896", datePublished: "2021-12-17T16:10:11", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.618Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0900
Vulnerability from cvelistv5
Published
2021-12-17 16:10
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672055.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/December-2021 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797 |
Version: Android 10.0, 11.0, 12.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.296Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", vendor: "n/a", versions: [ { status: "affected", version: "Android 10.0, 11.0, 12.0", }, ], }, ], descriptions: [ { lang: "en", value: "In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672055.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-17T16:10:13", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0900", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", version: { version_data: [ { version_value: "Android 10.0, 11.0, 12.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672055.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/December-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0900", datePublished: "2021-12-17T16:10:13", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.296Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20016
Vulnerability from cvelistv5
Published
2024-02-05 05:59
Modified
2024-08-01 21:52
Severity ?
EPSS score ?
Summary
In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation Patch ID: ALPS07835901; Issue ID: ALPS07835901.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6735", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6737", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6739", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6753", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6757", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6761", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6763", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6765", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6768", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6771", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6779", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6781", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6785", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6833", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6853", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6855", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6873", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6877", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6879", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6885", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6889", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6893", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6895", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6983", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8168", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8183", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8765", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8766", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8768", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8791", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8797", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8798", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_11.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20016", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-13T15:09:47.327069Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:40:09.591Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:52:31.740Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/February-2024", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6735, MT6737, MT6739, MT6753, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6885, MT6889, MT6893, MT6895, MT6983, MT8168, MT8183, MT8188, MT8195, MT8765, MT8766, MT8768, MT8791, MT8797, MT8798", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 11.0, 12.0, 13.0, 14.0", }, ], }, ], descriptions: [ { lang: "en", value: "In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation Patch ID: ALPS07835901; Issue ID: ALPS07835901.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-05T05:59:39.607Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/February-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20016", datePublished: "2024-02-05T05:59:39.607Z", dateReserved: "2023-11-02T13:35:35.150Z", dateUpdated: "2024-08-01T21:52:31.740Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20703
Vulnerability from cvelistv5
Published
2023-05-15 00:00
Modified
2025-01-24 16:32
Severity ?
EPSS score ?
Summary
In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767853; Issue ID: ALPS07767853.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8183, MT8195 |
Version: Android 12.0, 13.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.537Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20703", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-24T16:32:21.865086Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-24T16:32:28.523Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8183, MT8195", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767853; Issue ID: ALPS07767853.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-15T00:00:00.000Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20703", datePublished: "2023-05-15T00:00:00.000Z", dateReserved: "2022-10-28T00:00:00.000Z", dateUpdated: "2025-01-24T16:32:28.523Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20804
Vulnerability from cvelistv5
Published
2023-08-07 03:21
Modified
2024-10-22 15:14
Severity ?
EPSS score ?
Summary
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326384.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2713, MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673 |
Version: Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.978Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt2713", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6879", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6895", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6983", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8395", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8673", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "12.0", }, { status: "affected", version: "13.0", }, ], }, { cpes: [ "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "yocto", vendor: "linuxfoundation", versions: [ { status: "affected", version: "4.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20804", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-22T14:59:35.581255Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-22T15:14:08.297Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2713, MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0)", }, ], }, ], descriptions: [ { lang: "en", value: "In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326384.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-07T03:21:46.656Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20804", datePublished: "2023-08-07T03:21:46.656Z", dateReserved: "2022-10-28T02:03:23.671Z", dateUpdated: "2024-10-22T15:14:08.297Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32825
Vulnerability from cvelistv5
Published
2023-11-06 03:50
Modified
2024-09-05 15:08
Severity ?
EPSS score ?
Summary
In bluethooth service, there is a possible out of bounds reads due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07884130; Issue ID: ALPS07884130.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:37.016Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2023", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-32825", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-05T15:07:57.656951Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-05T15:08:03.908Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2713, MT6580, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT7921, MT8168, MT8175, MT8188, MT8195, MT8321, MT8365, MT8390, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8791T, MT8797, MT8798", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In bluethooth service, there is a possible out of bounds reads due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07884130; Issue ID: ALPS07884130.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-06T03:50:56.000Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/November-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32825", datePublished: "2023-11-06T03:50:56.000Z", dateReserved: "2023-05-16T03:04:32.149Z", dateUpdated: "2024-09-05T15:08:03.908Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20109
Vulnerability from cvelistv5
Published
2024-11-04 01:48
Modified
2024-11-04 10:53
Severity ?
EPSS score ?
Summary
In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09065928; Issue ID: MSV-1763.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6765, MT6768, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8188, MT8195 |
Version: Android 12.0, 13.0, 14.0, 15.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6765", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6768", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6833", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6853", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6873", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6877", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6885", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6893", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "12.0", }, { status: "affected", version: "13.0", }, { status: "affected", version: "14.0", }, { status: "affected", version: "15.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20109", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-04T10:52:55.141883Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-04T10:53:33.541Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6765, MT6768, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8188, MT8195", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0, 14.0, 15.0", }, ], }, ], descriptions: [ { lang: "en", value: "In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09065928; Issue ID: MSV-1763.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-04T01:48:45.747Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/November-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20109", datePublished: "2024-11-04T01:48:45.747Z", dateReserved: "2023-11-02T13:35:35.178Z", dateUpdated: "2024-11-04T10:53:33.541Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32810
Vulnerability from cvelistv5
Published
2023-09-04 02:28
Modified
2024-08-02 15:25
Severity ?
EPSS score ?
Summary
In bluetooth driver, there is a possible out of bounds read due to improper input validation. This could lead to local information leak with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07867212; Issue ID: ALPS07867212.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2713, MT5221, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6890, MT6893, MT6895, MT6983, MT8167, MT8168, MT8173, MT8175, MT8185, MT8188, MT8188T, MT8195, MT8321, MT8365, MT8385, MT8518S, MT8532, MT8666, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797 |
Version: Android 12.0, 13.0 / RDK-B 22Q3 / Linux4.19 / Yocto 3.1, 3.3, 4.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:37.019Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT2713, MT5221, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6890, MT6893, MT6895, MT6983, MT8167, MT8168, MT8173, MT8175, MT8185, MT8188, MT8188T, MT8195, MT8321, MT8365, MT8385, MT8518S, MT8532, MT8666, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0 / RDK-B 22Q3 / Linux4.19 / Yocto 3.1, 3.3, 4.0", }, ], }, ], descriptions: [ { lang: "en", value: "In bluetooth driver, there is a possible out of bounds read due to improper input validation. This could lead to local information leak with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07867212; Issue ID: ALPS07867212.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:28:17.305Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32810", datePublished: "2023-09-04T02:28:17.305Z", dateReserved: "2023-05-16T03:04:32.146Z", dateUpdated: "2024-08-02T15:25:37.019Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-20652
Vulnerability from cvelistv5
Published
2025-03-03 02:25
Modified
2025-03-04 16:11
Severity ?
EPSS score ?
Summary
In V5 DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291215; Issue ID: MSV-2052.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2025-20652", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-04T16:10:54.407307Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-04T16:11:22.574Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6580, MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8167S, MT8175, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8678, MT8765, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798, MT8893", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 13.0, 14.0, 15.0", }, ], }, ], descriptions: [ { lang: "en", value: "In V5 DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291215; Issue ID: MSV-2052.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-03T02:25:48.870Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/March-2025", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2025-20652", datePublished: "2025-03-03T02:25:48.870Z", dateReserved: "2024-11-01T01:21:50.366Z", dateUpdated: "2025-03-04T16:11:22.574Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32857
Vulnerability from cvelistv5
Published
2023-12-04 03:45
Modified
2024-08-02 15:32
Severity ?
EPSS score ?
Summary
In display, there is a possible out of bounds read due to an incorrect status check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705; Issue ID: ALPS07993710.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6765, MT6768, MT6833, MT6879, MT6883, MT6885, MT6889, MT6893, MT6983, MT6985, MT8188, MT8195, MT8797, MT8798 |
Version: Android 12.0, 13.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:32:45.531Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6765, MT6768, MT6833, MT6879, MT6883, MT6885, MT6889, MT6893, MT6983, MT6985, MT8188, MT8195, MT8797, MT8798", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In display, there is a possible out of bounds read due to an incorrect status check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705; Issue ID: ALPS07993710.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-04T03:45:56.360Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32857", datePublished: "2023-12-04T03:45:56.360Z", dateReserved: "2023-05-16T03:04:32.159Z", dateUpdated: "2024-08-02T15:32:45.531Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0670
Vulnerability from cvelistv5
Published
2021-11-18 14:58
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05654663; Issue ID: ALPS05654663.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/November-2021 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797 |
Version: Android 10.0, 11.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.240Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", vendor: "n/a", versions: [ { status: "affected", version: "Android 10.0, 11.0", }, ], }, ], descriptions: [ { lang: "en", value: "In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05654663; Issue ID: ALPS05654663.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-18T14:58:46", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0670", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", version: { version_data: [ { version_value: "Android 10.0, 11.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05654663; Issue ID: ALPS05654663.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/November-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0670", datePublished: "2021-11-18T14:58:46", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.240Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32868
Vulnerability from cvelistv5
Published
2023-12-04 03:46
Modified
2024-08-02 15:32
Severity ?
EPSS score ?
Summary
In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363632; Issue ID: ALPS07363632.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:32:45.347Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8188, MT8195, MT8673, MT8781", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363632; Issue ID: ALPS07363632.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-04T03:46:21.321Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32868", datePublished: "2023-12-04T03:46:21.321Z", dateReserved: "2023-05-16T03:04:32.163Z", dateUpdated: "2024-08-02T15:32:45.347Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20658
Vulnerability from cvelistv5
Published
2023-04-06 00:00
Modified
2025-03-17 18:19
Severity ?
EPSS score ?
Summary
In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07537393; Issue ID: ALPS07180396.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6895, MT6983, MT8188, MT8195, MT8673, MT8795T, MT8798 |
Version: Android 12.0, 13.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.063Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20658", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-17T18:19:45.929075Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-17T18:19:56.835Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6895, MT6983, MT8188, MT8195, MT8673, MT8795T, MT8798", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07537393; Issue ID: ALPS07180396.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-06T00:00:00.000Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/April-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20658", datePublished: "2023-04-06T00:00:00.000Z", dateReserved: "2022-10-28T00:00:00.000Z", dateUpdated: "2025-03-17T18:19:56.835Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20735
Vulnerability from cvelistv5
Published
2023-06-06 12:11
Modified
2025-01-08 14:30
Severity ?
EPSS score ?
Summary
In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645178.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:41.135Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20735", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-08T14:30:12.208213Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-08T14:30:18.073Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT5696, MT5836, MT5838, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8175, MT8195, MT8365, MT8395, MT8673, MT8781, MT8786, MT8789, MT8791T, MT8797, MT9000, MT9015, MT9023, MT9025, MT9618, MT9649, MT9653, MT9679, MT9687, MT9689, MT9902, MT9932, MT9952, MT9972, MT9982", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2", }, ], }, ], descriptions: [ { lang: "en", value: "In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645178.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-06T12:11:21.208Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20735", datePublished: "2023-06-06T12:11:21.208Z", dateReserved: "2022-10-28T02:03:10.767Z", dateUpdated: "2025-01-08T14:30:18.073Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20801
Vulnerability from cvelistv5
Published
2023-08-07 03:21
Modified
2024-11-07 16:32
Severity ?
EPSS score ?
Summary
In imgsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420968.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8781 |
Version: Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:41.146Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6879", vendor: "mediatek", versions: [ { status: "affected", version: "android_12.0_13.0_IOT_v23.0\\/Yocto_4.0\\/", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6895", vendor: "mediatek", versions: [ { status: "affected", version: "android_12.0_13.0_IOT_v23.0\\/Yocto_4.0\\/", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6983", vendor: "mediatek", versions: [ { status: "affected", version: "android_12.0_13.0_IOT_v23.0\\/Yocto_4.0\\/", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { status: "affected", version: "android_12.0_13.0_IOT_v23.0\\/Yocto_4.0\\/", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { status: "affected", version: "android_12.0_13.0_IOT_v23.0\\/Yocto_4.0\\/", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8395", vendor: "mediatek", versions: [ { status: "affected", version: "android_12.0_13.0_IOT_v23.0\\/Yocto_4.0\\/", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8781", vendor: "mediatek", versions: [ { status: "affected", version: "android_12.0_13.0_IOT_v23.0\\/Yocto_4.0\\/", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-20801", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-07T16:25:33.232213Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-07T16:32:54.671Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8781", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0)", }, ], }, ], descriptions: [ { lang: "en", value: "In imgsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420968.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-07T03:21:40.073Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20801", datePublished: "2023-08-07T03:21:40.073Z", dateReserved: "2022-10-28T02:03:10.781Z", dateUpdated: "2024-11-07T16:32:54.671Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20054
Vulnerability from cvelistv5
Published
2024-04-01 02:35
Modified
2024-08-01 21:52
Severity ?
EPSS score ?
Summary
In gnss, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580200; Issue ID: ALPS08580200.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2735, MT2737, MT6762, MT6765, MT6769, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT6895, MT6983, MT6985, MT6989, MT6990, MT8168, MT8173, MT8195, MT8321, MT8385, MT8390, MT8666, MT8667, MT8673, MT8676, MT8678, MT8755, MT8765, MT8766, MT8768, MT8775, MT8781, MT8786, MT8788, MT8791T, MT8792, MT8796, MT8893 |
Version: Android 13.0, 14.0 / OpenWrt 19.07, 21.02 / Yocto 2.6, 3.3 / RDKB 2022Q3 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6761", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_13.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6765", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_13.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6768", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_13.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6789", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_13.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6833", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_13.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6855", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_13.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6895", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_13.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8167", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_13.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8168", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_13.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_13.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8321", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_13.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8765", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_13.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8766", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_13.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8768", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_13.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8781", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_13.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8786", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_13.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8788", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_13.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8789", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_13.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8791t", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_13.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8797", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_13.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8798", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_13.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20054", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-21T20:26:30.833411Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:40:32.140Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:52:31.766Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT2735, MT2737, MT6762, MT6765, MT6769, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT6895, MT6983, MT6985, MT6989, MT6990, MT8168, MT8173, MT8195, MT8321, MT8385, MT8390, MT8666, MT8667, MT8673, MT8676, MT8678, MT8755, MT8765, MT8766, MT8768, MT8775, MT8781, MT8786, MT8788, MT8791T, MT8792, MT8796, MT8893", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 13.0, 14.0 / OpenWrt 19.07, 21.02 / Yocto 2.6, 3.3 / RDKB 2022Q3", }, ], }, ], descriptions: [ { lang: "en", value: "In gnss, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580200; Issue ID: ALPS08580200.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-01T02:35:19.821Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20054", datePublished: "2024-04-01T02:35:19.821Z", dateReserved: "2023-11-02T13:35:35.160Z", dateUpdated: "2024-08-01T21:52:31.766Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0621
Vulnerability from cvelistv5
Published
2021-11-18 14:55
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In asf extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561383.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/November-2021 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.224Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT5522, MT5527, MT5597, MT5598, MT5599, MT6580, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8184, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797, MT9256, MT9285, MT9286, MT9288, MT9629, MT9631, MT9632, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9670, MT9675, MT9685, MT9686, MT9688, MT9931, MT9950, MT9970, MT9980, MT9981", vendor: "n/a", versions: [ { status: "affected", version: "Android 10.0, 11.0", }, ], }, ], descriptions: [ { lang: "en", value: "In asf extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561383.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-18T14:55:03", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0621", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT5522, MT5527, MT5597, MT5598, MT5599, MT6580, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8184, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797, MT9256, MT9285, MT9286, MT9288, MT9629, MT9631, MT9632, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9670, MT9675, MT9685, MT9686, MT9688, MT9931, MT9950, MT9970, MT9980, MT9981", version: { version_data: [ { version_value: "Android 10.0, 11.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In asf extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561383.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/November-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0621", datePublished: "2021-11-18T14:55:03", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.224Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20030
Vulnerability from cvelistv5
Published
2024-03-04 02:43
Modified
2024-10-29 20:51
Severity ?
EPSS score ?
Summary
In da, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541741.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6739, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8168, MT8195, MT8512 |
Version: Android 12.0, 13.0, 14.0 |
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20030", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-04T14:15:08.442297Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-29T20:51:38.927Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:52:31.782Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/March-2024", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6739, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8168, MT8195, MT8512", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0, 14.0", }, ], }, ], descriptions: [ { lang: "en", value: "In da, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541741.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-04T02:43:41.943Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/March-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20030", datePublished: "2024-03-04T02:43:41.943Z", dateReserved: "2023-11-02T13:35:35.152Z", dateUpdated: "2024-10-29T20:51:38.927Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-20023
Vulnerability from cvelistv5
Published
2022-01-04 15:57
Modified
2024-08-03 01:55
Severity ?
EPSS score ?
Summary
In Bluetooth, there is a possible application crash due to bluetooth flooding a device with LMP_AU_rand packet. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198608; Issue ID: ALPS06198608.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/January-2022 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:46.190Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/January-2022", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6580, MT6630, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893, MT7662T, MT7663, MT7668, MT7915, MT7920, MT7921, MT7922, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8362B, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 10.0, 11.0", }, ], }, ], descriptions: [ { lang: "en", value: "In Bluetooth, there is a possible application crash due to bluetooth flooding a device with LMP_AU_rand packet. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198608; Issue ID: ALPS06198608.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-01-04T15:57:24", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/January-2022", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@mediatek.com", ID: "CVE-2022-20023", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT6580, MT6630, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893, MT7662T, MT7663, MT7668, MT7915, MT7920, MT7921, MT7922, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8362B, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797", version: { version_data: [ { version_value: "Android 10.0, 11.0", }, ], }, }, ], }, vendor_name: "MediaTek, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Bluetooth, there is a possible application crash due to bluetooth flooding a device with LMP_AU_rand packet. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198608; Issue ID: ALPS06198608.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/January-2022", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/January-2022", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2022-20023", datePublished: "2022-01-04T15:57:24", dateReserved: "2021-10-12T00:00:00", dateUpdated: "2024-08-03T01:55:46.190Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20728
Vulnerability from cvelistv5
Published
2023-06-06 12:11
Modified
2025-01-07 20:16
Severity ?
EPSS score ?
Summary
In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573603; Issue ID: ALPS07573603.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.968Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20728", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-07T20:15:22.202999Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-07T20:16:26.319Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6781, MT6789, MT6833, MT6835, MT6855, MT6877, MT6879, MT6886, MT6895, MT6983, MT6985, MT7663, MT7668, MT7902, MT7921, MT8167S, MT8168, MT8175, MT8185, MT8195, MT8362A, MT8365, MT8385, MT8395, MT8518, MT8532, MT8673, MT8675, MT8695, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0 / Yocto 3.1, 3.3, 4.0", }, ], }, ], descriptions: [ { lang: "en", value: "In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573603; Issue ID: ALPS07573603.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-06T12:11:07.153Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20728", datePublished: "2023-06-06T12:11:07.153Z", dateReserved: "2022-10-28T02:03:10.766Z", dateUpdated: "2025-01-07T20:16:26.319Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20846
Vulnerability from cvelistv5
Published
2023-09-04 02:27
Modified
2024-10-08 20:12
Severity ?
EPSS score ?
Summary
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354023; Issue ID: ALPS07340098.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781 |
Version: Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:41.078Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20846", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T14:00:26.375520Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T20:12:36.786Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0", }, ], }, ], descriptions: [ { lang: "en", value: "In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354023; Issue ID: ALPS07340098.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:27:58.838Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20846", datePublished: "2023-09-04T02:27:58.838Z", dateReserved: "2022-10-28T02:03:23.692Z", dateUpdated: "2024-10-08T20:12:36.786Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20789
Vulnerability from cvelistv5
Published
2023-08-07 03:21
Modified
2024-10-17 14:36
Severity ?
EPSS score ?
Summary
In jpeg, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07693193; Issue ID: ALPS07693193.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6789, MT6835, MT6855, MT6879, MT6886, MT6895, MT6983, MT6985, MT8188, MT8195, MT8195Z |
Version: Android 12.0, 13.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:41.023Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20789", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-17T14:36:13.302860Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-17T14:36:38.551Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6789, MT6835, MT6855, MT6879, MT6886, MT6895, MT6983, MT6985, MT8188, MT8195, MT8195Z", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In jpeg, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07693193; Issue ID: ALPS07693193.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-07T03:21:19.002Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20789", datePublished: "2023-08-07T03:21:19.002Z", dateReserved: "2022-10-28T02:03:10.778Z", dateUpdated: "2024-10-17T14:36:38.551Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0666
Vulnerability from cvelistv5
Published
2021-11-18 14:58
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672086; Issue ID: ALPS05672086.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/November-2021 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9686, MT9970, MT9980, MT9981 |
Version: Android 11.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.204Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9686, MT9970, MT9980, MT9981", vendor: "n/a", versions: [ { status: "affected", version: "Android 11.0", }, ], }, ], descriptions: [ { lang: "en", value: "In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672086; Issue ID: ALPS05672086.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-18T14:58:13", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0666", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9686, MT9970, MT9980, MT9981", version: { version_data: [ { version_value: "Android 11.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672086; Issue ID: ALPS05672086.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/November-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0666", datePublished: "2021-11-18T14:58:13", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.204Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20705
Vulnerability from cvelistv5
Published
2023-05-15 00:00
Modified
2025-01-24 19:20
Severity ?
EPSS score ?
Summary
In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767870; Issue ID: ALPS07767870.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8183, MT8195 |
Version: Android 12.0, 13.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.245Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20705", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-24T19:20:22.549059Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1284", description: "CWE-1284 Improper Validation of Specified Quantity in Input", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-24T19:20:26.267Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8183, MT8195", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767870; Issue ID: ALPS07767870.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-15T00:00:00.000Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20705", datePublished: "2023-05-15T00:00:00.000Z", dateReserved: "2022-10-28T00:00:00.000Z", dateUpdated: "2025-01-24T19:20:26.267Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20021
Vulnerability from cvelistv5
Published
2024-05-06 02:52
Modified
2024-08-01 21:52
Severity ?
EPSS score ?
Summary
In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID: MSV-1249.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6853", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6873", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6885", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6893", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8168", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8183", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188t", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195z:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195z", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8362a", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8365", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8666", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8667", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8675", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8765", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8766", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8766z:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8766z", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8768a:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8768a", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8768b:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8768b", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8768z:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8768z", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8781", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8788", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8788t:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8788t", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8788z:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8788z", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8792:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8792", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8795t", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8798", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:mediatek:mt6768:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6768", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6781", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6785", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6833", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6877", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8321", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8666a:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8666a", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "git", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8673", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8768", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8768t:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8768t", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8786", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8788x:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8788x", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8796", vendor: "mediatek", versions: [ { lessThanOrEqual: "Android 14.0", status: "affected", version: "Android 12.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20021", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-10T15:52:43.868259Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:40:13.269Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:52:31.733Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2024", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6768, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8168, MT8183, MT8188, MT8188T, MT8195, MT8195Z, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8666A, MT8666B, MT8667, MT8673, MT8675, MT8675, MT8676, MT8678, MT8765, MT8766, MT8766Z, MT8768, MT8768A, MT8768B, MT8768T, MT8768Z, MT8781, MT8781, MT8786, MT8788, MT8788T, MT8788, MT8788X, MT8788Z, MT8792, MT8795T, MT8796, MT8798", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0, 14.0", }, ], }, ], descriptions: [ { lang: "en", value: "In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID: MSV-1249.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-06T02:52:01.865Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/May-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20021", datePublished: "2024-05-06T02:52:01.865Z", dateReserved: "2023-11-02T13:35:35.151Z", dateUpdated: "2024-08-01T21:52:31.733Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20832
Vulnerability from cvelistv5
Published
2023-09-04 02:27
Modified
2024-10-04 14:22
Severity ?
EPSS score ?
Summary
In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08013530.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2735, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8167, MT8167S, MT8168, MT8175, MT8195, MT8362A, MT8365 |
Version: Android 12.0, 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:41.107Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6880", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6883", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6885", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6855", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6873", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6875", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6877", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6879", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt2735", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6761", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6762", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6765", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6768", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6769", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6779", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6833", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6835", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6853", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6853t", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6886", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6889", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6890", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6891", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6893", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6895", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6980", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6983", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6985", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6990", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8167", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8167s", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8168", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8175", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8362a", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8365", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "12.0", }, { status: "affected", version: "13.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20832", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-04T14:22:31.805059Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-04T14:22:36.874Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2735, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8167, MT8167S, MT8168, MT8175, MT8195, MT8362A, MT8365", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3", }, ], }, ], descriptions: [ { lang: "en", value: "In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08013530.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:27:35.686Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20832", datePublished: "2023-09-04T02:27:35.686Z", dateReserved: "2022-10-28T02:03:23.685Z", dateUpdated: "2024-10-04T14:22:36.874Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0893
Vulnerability from cvelistv5
Published
2021-12-17 16:10
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687474.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/December-2021 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797 |
Version: Android 10.0, 11.0, 12.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.442Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", vendor: "n/a", versions: [ { status: "affected", version: "Android 10.0, 11.0, 12.0", }, ], }, ], descriptions: [ { lang: "en", value: "In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687474.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-17T16:10:08", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0893", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", version: { version_data: [ { version_value: "Android 10.0, 11.0, 12.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687474.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/December-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0893", datePublished: "2021-12-17T16:10:08", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.442Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20045
Vulnerability from cvelistv5
Published
2024-04-01 02:35
Modified
2025-03-28 19:16
Severity ?
EPSS score ?
Summary
In audio, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08024748; Issue ID: ALPS08029526.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20045", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-02T15:34:24.247800Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-28T19:16:33.512Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:52:31.637Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6983, MT6985, MT6989, MT8167, MT8167S, MT8168, MT8188, MT8195, MT8321, MT8385, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8797, MT8798", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0, 14.0", }, ], }, ], descriptions: [ { lang: "en", value: "In audio, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08024748; Issue ID: ALPS08029526.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-01T02:35:04.246Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20045", datePublished: "2024-04-01T02:35:04.246Z", dateReserved: "2023-11-02T13:35:35.157Z", dateUpdated: "2025-03-28T19:16:33.512Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20842
Vulnerability from cvelistv5
Published
2023-09-04 02:27
Modified
2024-10-21 17:28
Severity ?
EPSS score ?
Summary
In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354259; Issue ID: ALPS07340477.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781 |
Version: Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:41.209Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8673", vendor: "mediatek", versions: [ { status: "affected", version: "Android 11.0", }, { status: "affected", version: "Android 12.0", }, { status: "affected", version: "Linux 6.1", }, { status: "affected", version: "IOT-v23.0", }, { status: "affected", version: "Yocto 4.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20842", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T17:15:38.065535Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-21T17:28:33.704Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0", }, ], }, ], descriptions: [ { lang: "en", value: "In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354259; Issue ID: ALPS07340477.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:27:51.965Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20842", datePublished: "2023-09-04T02:27:51.965Z", dateReserved: "2022-10-28T02:03:23.691Z", dateUpdated: "2024-10-21T17:28:33.704Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20050
Vulnerability from cvelistv5
Published
2024-04-01 02:35
Modified
2024-10-30 19:46
Severity ?
EPSS score ?
Summary
In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541757.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2713, MT2737, MT6781, MT6789, MT6835, MT6855, MT6879, MT6880, MT6886, MT6890, MT6895, MT6980, MT6983, MT6985, MT6989, MT6990, MT8167, MT8168, MT8173, MT8175, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8796, MT8797, MT8798 |
Version: Android 12.0, 13.0, 14.0 / OpenWrt 19.07, 21.02 / Yocto 3.3 / RDK-B 22Q3 |
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20050", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-01T17:55:04.864297Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-922", description: "CWE-922 Insecure Storage of Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-30T19:46:46.867Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:52:31.809Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT2713, MT2737, MT6781, MT6789, MT6835, MT6855, MT6879, MT6880, MT6886, MT6890, MT6895, MT6980, MT6983, MT6985, MT6989, MT6990, MT8167, MT8168, MT8173, MT8175, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8796, MT8797, MT8798", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0, 14.0 / OpenWrt 19.07, 21.02 / Yocto 3.3 / RDK-B 22Q3", }, ], }, ], descriptions: [ { lang: "en", value: "In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541757.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-01T02:35:12.789Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20050", datePublished: "2024-04-01T02:35:12.789Z", dateReserved: "2023-11-02T13:35:35.159Z", dateUpdated: "2024-10-30T19:46:46.867Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20807
Vulnerability from cvelistv5
Published
2023-08-07 03:21
Modified
2024-10-15 19:54
Severity ?
EPSS score ?
Summary
In dpe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608433; Issue ID: ALPS07608433.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2713, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673 |
Version: Android 12.0, 13.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:41.008Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt2713", vendor: "mediatek", versions: [ { status: "affected", version: "Android 12.0", }, { status: "affected", version: "Android 13.0", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6895", vendor: "mediatek", versions: [ { status: "affected", version: "Android 12.0", }, { status: "affected", version: "Android 13.0", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6983", vendor: "mediatek", versions: [ { status: "affected", version: "Android 12.0", }, { status: "affected", version: "Android 13.0", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { status: "affected", version: "Android 12.0", }, { status: "affected", version: "Android 13.0", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { status: "affected", version: "Android 12.0", }, { status: "affected", version: "Android 13.0", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8395", vendor: "mediatek", versions: [ { status: "affected", version: "Android 12.0", }, { status: "affected", version: "Android 13.0", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8673", vendor: "mediatek", versions: [ { status: "affected", version: "Android 12.0", }, { status: "affected", version: "Android 13.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-20807", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T19:50:33.104208Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-15T19:54:51.428Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2713, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In dpe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608433; Issue ID: ALPS07608433.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-07T03:21:52.814Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20807", datePublished: "2023-08-07T03:21:52.814Z", dateReserved: "2022-10-28T02:03:23.672Z", dateUpdated: "2024-10-15T19:54:51.428Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20839
Vulnerability from cvelistv5
Published
2023-09-04 02:27
Modified
2024-10-08 20:13
Severity ?
EPSS score ?
Summary
In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326409.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8673 |
Version: Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.985Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20839", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T14:00:33.383673Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T20:13:11.478Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8673", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0", }, ], }, ], descriptions: [ { lang: "en", value: "In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326409.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:27:47.001Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20839", datePublished: "2023-09-04T02:27:47.001Z", dateReserved: "2022-10-28T02:03:23.690Z", dateUpdated: "2024-10-08T20:13:11.478Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20048
Vulnerability from cvelistv5
Published
2024-04-01 02:35
Modified
2024-08-01 21:52
Severity ?
EPSS score ?
Summary
In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541769; Issue ID: ALPS08541769.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt2713", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_13.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6781", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_13.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6789", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_13.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6835", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_13.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6855", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_13.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6879", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_13.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6886", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_13.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6895", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_13.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6983", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_13.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6985", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_13.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6989", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_13.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8167", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_13.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8168", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_13.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8173", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_13.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8175", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_13.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_13.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_13.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8321", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_13.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8362a", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_13.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8365", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_13.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20048", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-21T19:21:04.306727Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-248", description: "CWE-248 Uncaught Exception", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:40:50.765Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:52:31.769Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT2713, MT6781, MT6789, MT6835, MT6855, MT6879, MT6886, MT6895, MT6983, MT6985, MT6989, MT8167, MT8168, MT8173, MT8175, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8796, MT8797, MT8798", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541769; Issue ID: ALPS08541769.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-01T02:35:09.283Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20048", datePublished: "2024-04-01T02:35:09.283Z", dateReserved: "2023-11-02T13:35:35.158Z", dateUpdated: "2024-08-01T21:52:31.769Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-20012
Vulnerability from cvelistv5
Published
2022-01-04 15:56
Modified
2024-08-03 01:55
Severity ?
EPSS score ?
Summary
In mdp driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05836478; Issue ID: ALPS05836478.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/January-2022 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:46.121Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/January-2022", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6580, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6757, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8127, MT8163, MT8167, MT8168, MT8169, MT8173, MT8183, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8788", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 10.0, 11.0, 12.0", }, ], }, ], descriptions: [ { lang: "en", value: "In mdp driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05836478; Issue ID: ALPS05836478.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-01-04T15:56:21", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/January-2022", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@mediatek.com", ID: "CVE-2022-20012", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT6580, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6757, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8127, MT8163, MT8167, MT8168, MT8169, MT8173, MT8183, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8788", version: { version_data: [ { version_value: "Android 10.0, 11.0, 12.0", }, ], }, }, ], }, vendor_name: "MediaTek, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In mdp driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05836478; Issue ID: ALPS05836478.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/January-2022", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/January-2022", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2022-20012", datePublished: "2022-01-04T15:56:21", dateReserved: "2021-10-12T00:00:00", dateUpdated: "2024-08-03T01:55:46.121Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32819
Vulnerability from cvelistv5
Published
2023-10-02 02:05
Modified
2024-09-23 15:28
Severity ?
EPSS score ?
Summary
In display, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705; Issue ID: ALPS08014138.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6765, MT6768, MT6833, MT6879, MT6883, MT6885, MT6889, MT6893, MT6983, MT6985, MT8188, MT8195, MT8797, MT8798 |
Version: Android 12.0, 13.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:37.058Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/October-2023", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-32819", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-23T15:25:58.692652Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-23T15:28:28.808Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6765, MT6768, MT6833, MT6879, MT6883, MT6885, MT6889, MT6893, MT6983, MT6985, MT8188, MT8195, MT8797, MT8798", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In display, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705; Issue ID: ALPS08014138.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-02T02:05:26.706Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/October-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32819", datePublished: "2023-10-02T02:05:26.706Z", dateReserved: "2023-05-16T03:04:32.147Z", dateUpdated: "2024-09-23T15:28:28.808Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20695
Vulnerability from cvelistv5
Published
2023-05-15 00:00
Modified
2025-01-23 21:30
Severity ?
EPSS score ?
Summary
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only); Issue ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6835, MT6880, MT6886, MT6890, MT6980, MT6985, MT6990, MT8167, MT8175, MT8185, MT8195, MT8321, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797 |
Version: Android 13.0 / OpenWrt 19.07, 21.02 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.398Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20695", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-23T21:30:12.568668Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T21:30:47.770Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6835, MT6880, MT6886, MT6890, MT6980, MT6985, MT6990, MT8167, MT8175, MT8185, MT8195, MT8321, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 13.0 / OpenWrt 19.07, 21.02", }, ], }, ], descriptions: [ { lang: "en", value: "In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only); Issue ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only).", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-15T00:00:00.000Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20695", datePublished: "2023-05-15T00:00:00.000Z", dateReserved: "2022-10-28T00:00:00.000Z", dateUpdated: "2025-01-23T21:30:47.770Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20025
Vulnerability from cvelistv5
Published
2024-03-04 02:43
Modified
2024-08-26 20:56
Severity ?
EPSS score ?
Summary
In da, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541686; Issue ID: ALPS08541686.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T21:52:31.573Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/March-2024", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6739", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6757", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6761", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6763", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6765", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6768", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6771", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6779", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6785", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6833", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6853", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6873", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6877", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6885", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6893", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8167", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8168", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8173", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8175", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8185", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8321", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8362a", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8365", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8385", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8395", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8666", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8673", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8678", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8765", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8766", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8768", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8781", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8786", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8788", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8789", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8791", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8791t", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8796", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8797", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8798", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20025", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-03-08T05:00:28.493810Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190 Integer Overflow or Wraparound", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-26T20:56:23.653Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6739, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8168, MT8173, MT8175, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8673, MT8678, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8796, MT8797, MT8798", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0, 14.0", }, ], }, ], descriptions: [ { lang: "en", value: "In da, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541686; Issue ID: ALPS08541686.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-04T02:43:35.600Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/March-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20025", datePublished: "2024-03-04T02:43:35.600Z", dateReserved: "2023-11-02T13:35:35.151Z", dateUpdated: "2024-08-26T20:56:23.653Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20108
Vulnerability from cvelistv5
Published
2024-11-04 01:48
Modified
2024-11-04 10:55
Severity ?
EPSS score ?
Summary
In atci, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09082988; Issue ID: MSV-1774.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6580", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6739", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6761", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6765", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6768", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6779", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6781", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6785", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6789", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6833", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6835", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6853", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6855", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6873", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6877", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6878", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6879", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6883", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6885", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6886", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6889", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6893", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6895", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6896:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6896", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6897", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6983", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6985", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6989", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8168", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8173", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8175", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8185", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8321", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8362a", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8365", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8370", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8385", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8390", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8395", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8666", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8667", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8673", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8675", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8676", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8678", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8755:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8755", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8765", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8766", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8768", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8771:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8771", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8775", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8781", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8786", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8788", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8789", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8791", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8791t", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8792:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8792", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8795t", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8796", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8797", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8798", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "12.0", }, { status: "affected", version: "13.0", }, { status: "affected", version: "14.0", }, { status: "affected", version: "15.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20108", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-04T10:54:11.180033Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-04T10:55:01.488Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6896, MT6897, MT6983, MT6985, MT6989, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8370, MT8385, MT8390, MT8395, MT8666, MT8667, MT8673, MT8675, MT8676, MT8678, MT8755, MT8765, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8792, MT8795T, MT8796, MT8797, MT8798", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0, 14.0, 15.0", }, ], }, ], descriptions: [ { lang: "en", value: "In atci, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09082988; Issue ID: MSV-1774.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-04T01:48:43.978Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/November-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20108", datePublished: "2024-11-04T01:48:43.978Z", dateReserved: "2023-11-02T13:35:35.177Z", dateUpdated: "2024-11-04T10:55:01.488Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32869
Vulnerability from cvelistv5
Published
2023-12-04 03:46
Modified
2024-12-02 17:35
Severity ?
EPSS score ?
Summary
In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363632; Issue ID: ALPS07363689.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:32:46.490Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-32869", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2023-12-06T20:34:35.845792Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-02T17:35:42.950Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8188, MT8195, MT8673, MT8781", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363632; Issue ID: ALPS07363689.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-04T03:46:22.727Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32869", datePublished: "2023-12-04T03:46:22.727Z", dateReserved: "2023-05-16T03:04:32.163Z", dateUpdated: "2024-12-02T17:35:42.950Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20053
Vulnerability from cvelistv5
Published
2024-04-01 02:35
Modified
2024-08-01 21:52
Severity ?
EPSS score ?
Summary
In flashc, there is a possible out of bounds write due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541764.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2713, MT2737, MT6781, MT6789, MT6835, MT6855, MT6879, MT6880, MT6886, MT6890, MT6895, MT6980, MT6983, MT6985, MT6989, MT6990, MT8167, MT8168, MT8173, MT8175, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8796, MT8797, MT8798 |
Version: Android 12.0, 13.0, 14.0 / OpenWrt 19.07, 21.02 / Yocto 3.3 / RDK-B 22Q3 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt2713", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt2737:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt2737", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6781", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6789", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6835", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6855", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6879", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6880", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6886", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6890", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6895", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6980", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6983", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6985", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6989", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6990", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8167", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8168", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8173", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8175", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8321", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8362a", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8365", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8385", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8395", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8666", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8673", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8765", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8766", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8781", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8786", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8788", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8791", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8791t", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8797", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8798", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8390", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8667", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8768", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8789", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8796", vendor: "mediatek", versions: [ { status: "affected", version: "*", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20053", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-21T18:57:45.880667Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:40:45.348Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:52:31.679Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT2713, MT2737, MT6781, MT6789, MT6835, MT6855, MT6879, MT6880, MT6886, MT6890, MT6895, MT6980, MT6983, MT6985, MT6989, MT6990, MT8167, MT8168, MT8173, MT8175, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8796, MT8797, MT8798", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0, 14.0 / OpenWrt 19.07, 21.02 / Yocto 3.3 / RDK-B 22Q3", }, ], }, ], descriptions: [ { lang: "en", value: "In flashc, there is a possible out of bounds write due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541764.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-01T02:35:18.101Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20053", datePublished: "2024-04-01T02:35:18.101Z", dateReserved: "2023-11-02T13:35:35.159Z", dateUpdated: "2024-08-01T21:52:31.679Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20838
Vulnerability from cvelistv5
Published
2023-09-04 02:27
Modified
2024-10-08 20:13
Severity ?
EPSS score ?
Summary
In imgsys, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326418.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8673 |
Version: Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:41.242Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20838", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T14:00:34.514344Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T20:13:21.882Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8673", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0", }, ], }, ], descriptions: [ { lang: "en", value: "In imgsys, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326418.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:27:45.442Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20838", datePublished: "2023-09-04T02:27:45.442Z", dateReserved: "2022-10-28T02:03:23.690Z", dateUpdated: "2024-10-08T20:13:21.882Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20141
Vulnerability from cvelistv5
Published
2025-02-03 03:23
Modified
2025-02-03 16:14
Severity ?
EPSS score ?
Summary
In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291402; Issue ID: MSV-2073.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20141", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-03T16:09:38.857762Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-03T16:14:10.012Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8167S, MT8175, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8678, MT8765, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798, MT8893", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0, 14.0, 15.0", }, ], }, ], descriptions: [ { lang: "en", value: "In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291402; Issue ID: MSV-2073.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-123", description: "CWE-123 Write-what-where Condition", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-03T03:23:56.024Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/February-2025", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20141", datePublished: "2025-02-03T03:23:56.024Z", dateReserved: "2023-11-02T13:35:35.184Z", dateUpdated: "2025-02-03T16:14:10.012Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32826
Vulnerability from cvelistv5
Published
2023-10-02 02:05
Modified
2024-09-21 15:26
Severity ?
EPSS score ?
Summary
In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993539; Issue ID: ALPS07993544.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:37.069Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/October-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6879", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6886", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6895", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6983", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6985", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6989", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8167", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8167s", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8168", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8173", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8175", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8185", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8321", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8362a", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8365", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8385", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8390", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8395", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8666", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8673", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8675", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8765", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8766", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8768", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8781", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8786", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8788", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8789", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8791", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8791t", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8797", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8798", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "12.0", }, { status: "affected", version: "13.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-32826", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-21T15:23:55.667162Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-21T15:26:13.167Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6879, MT6886, MT6895, MT6983, MT6985, MT6989, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993539; Issue ID: ALPS07993544.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-02T02:05:36.578Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/October-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32826", datePublished: "2023-10-02T02:05:36.578Z", dateReserved: "2023-05-16T03:04:32.149Z", dateUpdated: "2024-09-21T15:26:13.167Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32866
Vulnerability from cvelistv5
Published
2023-12-04 03:46
Modified
2024-08-02 15:32
Severity ?
EPSS score ?
Summary
In mmp, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07342152; Issue ID: ALPS07342152.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:32:45.302Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8188, MT8195, MT8781", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In mmp, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07342152; Issue ID: ALPS07342152.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-04T03:46:18.401Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32866", datePublished: "2023-12-04T03:46:18.401Z", dateReserved: "2023-05-16T03:04:32.162Z", dateUpdated: "2024-08-02T15:32:45.302Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20805
Vulnerability from cvelistv5
Published
2023-08-07 03:21
Modified
2024-10-22 15:13
Severity ?
EPSS score ?
Summary
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326411.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2713, MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673 |
Version: Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.963Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt2713", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6879", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6895", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6983", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8395", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8673", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "12.0", }, { status: "affected", version: "13.0", }, ], }, { cpes: [ "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "yocto", vendor: "linuxfoundation", versions: [ { status: "affected", version: "4.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20805", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-22T14:59:23.445486Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-22T15:13:53.163Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2713, MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0)", }, ], }, ], descriptions: [ { lang: "en", value: "In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326411.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-07T03:21:48.680Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20805", datePublished: "2023-08-07T03:21:48.680Z", dateReserved: "2022-10-28T02:03:23.671Z", dateUpdated: "2024-10-22T15:13:53.163Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20767
Vulnerability from cvelistv5
Published
2023-07-04 01:44
Modified
2024-12-04 21:41
Severity ?
EPSS score ?
Summary
In pqframework, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629585; Issue ID: ALPS07629584.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6879, MT6886, MT6895, MT6983, MT6985, MT8167, MT8168, MT8195, MT8673 |
Version: Android 12.0, 13.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.961Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/July-2023", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20767", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-04T19:08:22.103128Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-04T21:41:17.672Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6879, MT6886, MT6895, MT6983, MT6985, MT8167, MT8168, MT8195, MT8673", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In pqframework, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629585; Issue ID: ALPS07629584.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-04T01:44:28.742Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/July-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20767", datePublished: "2023-07-04T01:44:28.742Z", dateReserved: "2022-10-28T02:03:10.773Z", dateUpdated: "2024-12-04T21:41:17.672Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20115
Vulnerability from cvelistv5
Published
2024-11-04 01:49
Modified
2024-11-04 10:45
Severity ?
EPSS score ?
Summary
In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09036695; Issue ID: MSV-1713.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8188, MT8195 |
Version: Android 12.0, 13.0, 14.0, 15.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6833", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6853", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6873", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6877", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6885", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6893", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "12.0", }, { status: "affected", version: "13.0", }, { status: "affected", version: "14.0", }, { status: "affected", version: "15.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20115", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-04T10:44:34.404792Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-04T10:45:30.086Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8188, MT8195", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0, 14.0, 15.0", }, ], }, ], descriptions: [ { lang: "en", value: "In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09036695; Issue ID: MSV-1713.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-04T01:49:03.385Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/November-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20115", datePublished: "2024-11-04T01:49:03.385Z", dateReserved: "2023-11-02T13:35:35.179Z", dateUpdated: "2024-11-04T10:45:30.086Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0897
Vulnerability from cvelistv5
Published
2021-12-17 16:10
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05670549.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/December-2021 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797 |
Version: Android 10.0, 11.0, 12.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.289Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", vendor: "n/a", versions: [ { status: "affected", version: "Android 10.0, 11.0, 12.0", }, ], }, ], descriptions: [ { lang: "en", value: "In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05670549.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-17T16:10:11", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0897", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", version: { version_data: [ { version_value: "Android 10.0, 11.0, 12.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05670549.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/December-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0897", datePublished: "2021-12-17T16:10:11", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.289Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0624
Vulnerability from cvelistv5
Published
2021-11-18 14:55
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In flv extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594988; Issue ID: ALPS05594988.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/November-2021 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.237Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6580, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797", vendor: "n/a", versions: [ { status: "affected", version: "Android 10.0, 11.0", }, ], }, ], descriptions: [ { lang: "en", value: "In flv extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594988; Issue ID: ALPS05594988.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-18T14:55:53", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0624", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT6580, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797", version: { version_data: [ { version_value: "Android 10.0, 11.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In flv extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594988; Issue ID: ALPS05594988.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/November-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0624", datePublished: "2021-11-18T14:55:53", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.237Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20719
Vulnerability from cvelistv5
Published
2023-05-15 00:00
Modified
2025-01-24 15:08
Severity ?
EPSS score ?
Summary
In pqframework, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629583; Issue ID: ALPS07629583.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.471Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20719", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-24T15:07:27.347944Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-24T15:08:48.103Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6580, MT6739, MT6761, MT6765, MT6768, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT6985, MT8167, MT8168, MT8195, MT8673", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In pqframework, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629583; Issue ID: ALPS07629583.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-15T00:00:00.000Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20719", datePublished: "2023-05-15T00:00:00.000Z", dateReserved: "2022-10-28T00:00:00.000Z", dateUpdated: "2025-01-24T15:08:48.103Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20752
Vulnerability from cvelistv5
Published
2023-06-06 12:11
Modified
2025-01-07 18:59
Severity ?
EPSS score ?
Summary
In keymange, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07826586; Issue ID: ALPS07826586.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT8167, MT8167S, MT8168, MT8175, MT8195, MT8362A, MT8365 |
Version: Android 12.0, 13.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.954Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20752", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-07T18:59:26.744757Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-07T18:59:32.154Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT8167, MT8167S, MT8168, MT8175, MT8195, MT8362A, MT8365", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In keymange, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07826586; Issue ID: ALPS07826586.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-06T12:11:53.101Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20752", datePublished: "2023-06-06T12:11:53.101Z", dateReserved: "2022-10-28T02:03:10.770Z", dateUpdated: "2025-01-07T18:59:32.154Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20114
Vulnerability from cvelistv5
Published
2024-11-04 01:48
Modified
2025-03-13 14:37
Severity ?
EPSS score ?
Summary
In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09037038; Issue ID: MSV-1714.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6765, MT6768, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8188, MT8195 |
Version: Android 12.0, 13.0, 14.0, 15.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6765", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6768", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6833", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6853", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6873", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6877", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6885", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6893", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "12.0", }, { status: "affected", version: "13.0", }, { status: "affected", version: "14.0", }, { status: "affected", version: "15.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20114", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-04T10:46:02.366534Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-13T14:37:52.632Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6765, MT6768, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8188, MT8195", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0, 14.0, 15.0", }, ], }, ], descriptions: [ { lang: "en", value: "In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09037038; Issue ID: MSV-1714.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-04T01:48:58.533Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/November-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20114", datePublished: "2024-11-04T01:48:58.533Z", dateReserved: "2023-11-02T13:35:35.179Z", dateUpdated: "2025-03-13T14:37:52.632Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0899
Vulnerability from cvelistv5
Published
2021-12-17 16:10
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672059.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/December-2021 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797 |
Version: Android 10.0, 11.0, 12.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.423Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", vendor: "n/a", versions: [ { status: "affected", version: "Android 10.0, 11.0, 12.0", }, ], }, ], descriptions: [ { lang: "en", value: "In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672059.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-17T16:10:13", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0899", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", version: { version_data: [ { version_value: "Android 10.0, 11.0, 12.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672059.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/December-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0899", datePublished: "2021-12-17T16:10:13", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.423Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32809
Vulnerability from cvelistv5
Published
2023-09-04 02:28
Modified
2024-08-02 15:25
Severity ?
EPSS score ?
Summary
In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849753; Issue ID: ALPS07849753.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:37.098Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT2713, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT8168, MT8175, MT8188, MT8195, MT8365, MT8666, MT8667, MT8673, MT8781, MT8781WIFI, MT8791, MT8791T, MT8791WIFI, MT8797, MT8797WIFI", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849753; Issue ID: ALPS07849753.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:28:15.636Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32809", datePublished: "2023-09-04T02:28:15.636Z", dateReserved: "2023-05-16T03:04:32.145Z", dateUpdated: "2024-08-02T15:25:37.098Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-20641
Vulnerability from cvelistv5
Published
2025-02-03 03:24
Modified
2025-02-03 17:20
Severity ?
EPSS score ?
Summary
In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2058.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2025-20641", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-03T17:19:58.879647Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-03T17:20:37.187Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8167S, MT8175, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8678, MT8765, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798, MT8893", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0, 14.0, 15.0", }, ], }, ], descriptions: [ { lang: "en", value: "In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2058.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-03T03:24:04.876Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/February-2025", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2025-20641", datePublished: "2025-02-03T03:24:04.876Z", dateReserved: "2024-11-01T01:21:50.363Z", dateUpdated: "2025-02-03T17:20:37.187Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20830
Vulnerability from cvelistv5
Published
2023-09-04 02:27
Modified
2024-10-10 15:25
Severity ?
EPSS score ?
Summary
In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014156.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2713, MT2735, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8167, MT8167S, MT8168, MT8173, MT8195, MT8362A, MT8365, MT8781 |
Version: Android 12.0, 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:41.212Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt2713", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt2735", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6761", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6762", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6765", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6768", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6769", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6779", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6833", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6835", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6853", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6853t", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6855", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6873", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6875", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6877", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6879", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6880", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6883", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6885", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6886", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6889", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6890", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6891", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6893", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6895", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6980", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6983", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6985", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6990", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8167", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8167s", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8168", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8173", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8362a", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8365", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8781", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "12.0", }, { status: "affected", version: "13.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20830", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-10T15:24:46.560034Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-10T15:25:53.574Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2713, MT2735, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8167, MT8167S, MT8168, MT8173, MT8195, MT8362A, MT8365, MT8781", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3", }, ], }, ], descriptions: [ { lang: "en", value: "In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014156.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:27:32.386Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20830", datePublished: "2023-09-04T02:27:32.386Z", dateReserved: "2022-10-28T02:03:23.685Z", dateUpdated: "2024-10-10T15:25:53.574Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0676
Vulnerability from cvelistv5
Published
2021-12-17 16:10
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In geniezone driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863009; Issue ID: ALPS05863009.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/December-2021 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.289Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8771, MT8786, MT8788, MT8789, MT8791, MT8797", vendor: "n/a", versions: [ { status: "affected", version: "Android 8.1, 9.0, 10.0, 11.0", }, ], }, ], descriptions: [ { lang: "en", value: "In geniezone driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863009; Issue ID: ALPS05863009.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-17T16:10:06", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0676", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8771, MT8786, MT8788, MT8789, MT8791, MT8797", version: { version_data: [ { version_value: "Android 8.1, 9.0, 10.0, 11.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In geniezone driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863009; Issue ID: ALPS05863009.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/December-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0676", datePublished: "2021-12-17T16:10:06", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.289Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20793
Vulnerability from cvelistv5
Published
2023-08-07 03:21
Modified
2024-10-17 14:34
Severity ?
EPSS score ?
Summary
In apu, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767818; Issue ID: ALPS07767818.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8183, MT8188, MT8195 |
Version: Android 12.0, 13.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.970Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20793", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-17T14:34:17.467027Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-17T14:34:38.441Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8183, MT8188, MT8195", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In apu, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767818; Issue ID: ALPS07767818.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-07T03:21:25.605Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20793", datePublished: "2023-08-07T03:21:25.605Z", dateReserved: "2022-10-28T02:03:10.781Z", dateUpdated: "2024-10-17T14:34:38.441Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20020
Vulnerability from cvelistv5
Published
2024-03-04 02:43
Modified
2025-03-28 19:10
Severity ?
EPSS score ?
Summary
In OPTEE, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08522504; Issue ID: ALPS08522504.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2713, MT2715, MT8173, MT8188, MT8195, MT8390, MT8395 |
Version: Android 13.0 |
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20020", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-28T19:09:15.959824Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-28T19:10:14.806Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:52:31.578Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/March-2024", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT2713, MT2715, MT8173, MT8188, MT8195, MT8390, MT8395", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In OPTEE, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08522504; Issue ID: ALPS08522504.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-04T02:43:24.572Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/March-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20020", datePublished: "2024-03-04T02:43:24.572Z", dateReserved: "2023-11-02T13:35:35.151Z", dateUpdated: "2025-03-28T19:10:14.806Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0678
Vulnerability from cvelistv5
Published
2021-12-17 16:10
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05722511.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/December-2021 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797 |
Version: Android 10.0, 11.0, 12.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.257Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", vendor: "n/a", versions: [ { status: "affected", version: "Android 10.0, 11.0, 12.0", }, ], }, ], descriptions: [ { lang: "en", value: "In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05722511.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-17T16:10:07", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0678", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", version: { version_data: [ { version_value: "Android 10.0, 11.0, 12.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05722511.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/December-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0678", datePublished: "2021-12-17T16:10:07", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.257Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0895
Vulnerability from cvelistv5
Published
2021-12-17 16:10
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672003.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/December-2021 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797 |
Version: Android 10.0, 11.0, 12.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.581Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", vendor: "n/a", versions: [ { status: "affected", version: "Android 10.0, 11.0, 12.0", }, ], }, ], descriptions: [ { lang: "en", value: "In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672003.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-17T16:10:10", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0895", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", version: { version_data: [ { version_value: "Android 10.0, 11.0, 12.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672003.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/December-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0895", datePublished: "2021-12-17T16:10:10", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.581Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20797
Vulnerability from cvelistv5
Published
2023-08-07 03:21
Modified
2024-10-22 17:12
Severity ?
EPSS score ?
Summary
In camera middleware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629582; Issue ID: ALPS07629582.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6879, MT6886, MT6895, MT6983, MT6985, MT8188, MT8195, MT8673 |
Version: Android 12.0, 13.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.993Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6879", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6886", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6895", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6983", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6985", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8673", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "12.0", }, { status: "affected", version: "13.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20797", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-22T17:12:11.646397Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-22T17:12:19.616Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6879, MT6886, MT6895, MT6983, MT6985, MT8188, MT8195, MT8673", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In camera middleware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629582; Issue ID: ALPS07629582.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-07T03:21:31.898Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20797", datePublished: "2023-08-07T03:21:31.898Z", dateReserved: "2022-10-28T02:03:10.781Z", dateUpdated: "2024-10-22T17:12:19.616Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20125
Vulnerability from cvelistv5
Published
2024-12-02 03:06
Modified
2024-12-03 04:55
Severity ?
EPSS score ?
Summary
In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained System privileges. User interaction is not needed for exploitation. Patch ID: ALPS09046782; Issue ID: MSV-1728.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6580", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6761", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6765", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6768", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6779", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6781", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6785", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6789", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6833", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6835", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6853", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6855", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6873", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6877", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6879", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6883", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6885", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6886", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6889", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6893", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6895", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6983", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6985", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8175", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8321", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8365", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8370", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8385", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8390", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8395", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8666", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8667", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8673", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8765", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8766", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8768", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8771:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8771", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8781", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8786", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8788", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8791t", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8797", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8798", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20125", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-02T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-03T04:55:25.355Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6580, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8175, MT8195, MT8321, MT8365, MT8370, MT8385, MT8390, MT8395, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8791T, MT8797, MT8798", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 13.0, 14.0", }, ], }, ], descriptions: [ { lang: "en", value: "In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained System privileges. User interaction is not needed for exploitation. Patch ID: ALPS09046782; Issue ID: MSV-1728.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-03T02:17:03.313Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/December-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20125", datePublished: "2024-12-02T03:06:53.482Z", dateReserved: "2023-11-02T13:35:35.180Z", dateUpdated: "2024-12-03T04:55:25.355Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32808
Vulnerability from cvelistv5
Published
2023-09-04 02:28
Modified
2024-08-02 15:25
Severity ?
EPSS score ?
Summary
In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849751; Issue ID: ALPS07849751.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:37.140Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT2713, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT8168, MT8175, MT8188, MT8195, MT8365, MT8666, MT8667, MT8673, MT8781, MT8781WIFI, MT8791, MT8791T, MT8791WIFI, MT8797, MT8797WIFI", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849751; Issue ID: ALPS07849751.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:28:14.025Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32808", datePublished: "2023-09-04T02:28:14.025Z", dateReserved: "2023-05-16T03:04:32.145Z", dateUpdated: "2024-08-02T15:25:37.140Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20696
Vulnerability from cvelistv5
Published
2023-05-15 00:00
Modified
2025-01-23 21:29
Severity ?
EPSS score ?
Summary
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6880, MT6890, MT8167, MT8175, MT8185, MT8195, MT8321, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797 |
Version: Android 13.0 / OpenWrt 19.07, 21.02 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.941Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20696", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-23T21:28:29.547096Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T21:29:18.788Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6880, MT6890, MT8167, MT8175, MT8185, MT8195, MT8321, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 13.0 / OpenWrt 19.07, 21.02", }, ], }, ], descriptions: [ { lang: "en", value: "In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only).", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-15T00:00:00.000Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20696", datePublished: "2023-05-15T00:00:00.000Z", dateReserved: "2022-10-28T00:00:00.000Z", dateUpdated: "2025-01-23T21:29:18.788Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20824
Vulnerability from cvelistv5
Published
2023-09-04 02:27
Modified
2024-10-10 15:38
Severity ?
EPSS score ?
Summary
In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951402.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:41.052Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20824", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-10T15:38:43.283177Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-10T15:38:54.413Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2713, MT6580, MT6735, MT6739, MT6761, MT6762, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8168, MT8175, MT8188, MT8195, MT8321, MT8365, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8791T, MT8797", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951402.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:27:22.373Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20824", datePublished: "2023-09-04T02:27:22.373Z", dateReserved: "2022-10-28T02:03:23.679Z", dateUpdated: "2024-10-10T15:38:54.413Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20849
Vulnerability from cvelistv5
Published
2023-09-04 02:28
Modified
2024-10-01 18:58
Severity ?
EPSS score ?
Summary
In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340350.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781 |
Version: Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:41.136Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "yocto", vendor: "linuxfoundation", versions: [ { status: "affected", version: "4.0", }, ], }, { cpes: [ "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iot_yocto", vendor: "mediatek", versions: [ { status: "affected", version: "23.0", }, ], }, { cpes: [ "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "11.0", }, ], }, { cpes: [ "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "12.0", }, ], }, { cpes: [ "cpe:2.3:o:linux:linux_kernel:6.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "linux_kernel", vendor: "linux", versions: [ { status: "affected", version: "6.1", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20849", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-01T18:46:24.279622Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416 Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-01T18:58:38.274Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0", }, ], }, ], descriptions: [ { lang: "en", value: "In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340350.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:28:03.822Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20849", datePublished: "2023-09-04T02:28:03.822Z", dateReserved: "2022-10-28T02:03:23.696Z", dateUpdated: "2024-10-01T18:58:38.274Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20738
Vulnerability from cvelistv5
Published
2023-06-06 12:11
Modified
2025-01-07 21:15
Severity ?
EPSS score ?
Summary
In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645173.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.967Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20738", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-07T21:15:02.286724Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-07T21:15:07.999Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT5696, MT5836, MT5838, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8175, MT8195, MT8365, MT8395, MT8673, MT8781, MT8786, MT8789, MT8791T, MT8797, MT9000, MT9015, MT9023, MT9025, MT9618, MT9649, MT9653, MT9679, MT9687, MT9689, MT9902, MT9932, MT9952, MT9972, MT9982", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2", }, ], }, ], descriptions: [ { lang: "en", value: "In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645173.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-06T12:11:27.204Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20738", datePublished: "2023-06-06T12:11:27.204Z", dateReserved: "2022-10-28T02:03:10.767Z", dateUpdated: "2025-01-07T21:15:07.999Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0903
Vulnerability from cvelistv5
Published
2021-12-17 16:10
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05656488.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/December-2021 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797 |
Version: Android 10.0, 11.0, 12.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.417Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", vendor: "n/a", versions: [ { status: "affected", version: "Android 10.0, 11.0, 12.0", }, ], }, ], descriptions: [ { lang: "en", value: "In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05656488.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-17T16:10:16", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0903", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", version: { version_data: [ { version_value: "Android 10.0, 11.0, 12.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05656488.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/December-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0903", datePublished: "2021-12-17T16:10:16", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.417Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0669
Vulnerability from cvelistv5
Published
2021-11-18 14:58
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05681550; Issue ID: ALPS05681550.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/November-2021 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9686, MT9970, MT9980, MT9981 |
Version: Android 10.0, 11.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.206Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9686, MT9970, MT9980, MT9981", vendor: "n/a", versions: [ { status: "affected", version: "Android 10.0, 11.0", }, ], }, ], descriptions: [ { lang: "en", value: "In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05681550; Issue ID: ALPS05681550.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-18T14:58:38", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0669", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9686, MT9970, MT9980, MT9981", version: { version_data: [ { version_value: "Android 10.0, 11.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05681550; Issue ID: ALPS05681550.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/November-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0669", datePublished: "2021-11-18T14:58:38", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.206Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0673
Vulnerability from cvelistv5
Published
2021-12-17 16:10
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In Audio Aurisys HAL, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05977326; Issue ID: ALPS05977326.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/December-2021 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MT6779, MT6781, MT6785, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8183, MT8185, MT8195, MT8321, MT8385, MT8765, MT8766, MT8768, MT8771, MT8786, MT8788, MT8789, MT8791, MT8797 |
Version: Android 10.0, 11.0, 12.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.334Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6779, MT6781, MT6785, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8183, MT8185, MT8195, MT8321, MT8385, MT8765, MT8766, MT8768, MT8771, MT8786, MT8788, MT8789, MT8791, MT8797", vendor: "n/a", versions: [ { status: "affected", version: "Android 10.0, 11.0, 12.0", }, ], }, ], descriptions: [ { lang: "en", value: "In Audio Aurisys HAL, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05977326; Issue ID: ALPS05977326.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-17T16:10:16", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0673", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT6779, MT6781, MT6785, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8183, MT8185, MT8195, MT8321, MT8385, MT8765, MT8766, MT8768, MT8771, MT8786, MT8788, MT8789, MT8791, MT8797", version: { version_data: [ { version_value: "Android 10.0, 11.0, 12.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Audio Aurisys HAL, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05977326; Issue ID: ALPS05977326.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/December-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0673", datePublished: "2021-12-17T16:10:16", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.334Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20802
Vulnerability from cvelistv5
Published
2023-08-07 03:21
Modified
2024-11-07 16:24
Severity ?
EPSS score ?
Summary
In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420976.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8781 |
Version: Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.984Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6879", vendor: "mediatek", versions: [ { status: "affected", version: "android_12.0_13.0_IOT_v23.0\\/yocto_4.0\\/", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6895", vendor: "mediatek", versions: [ { status: "affected", version: "android_12.0_13.0_IOT_v23.0\\/yocto_4.0\\/", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6983", vendor: "mediatek", versions: [ { status: "affected", version: "android_12.0_13.0_IOT_v23.0\\/yocto_4.0\\/", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { status: "affected", version: "android_12.0_13.0_IOT_v23.0\\/yocto_4.0\\/", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { status: "affected", version: "android_12.0_13.0_IOT_v23.0\\/yocto_4.0\\/", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8395", vendor: "mediatek", versions: [ { status: "affected", version: "android_12.0_13.0_IOT_v23.0\\/yocto_4.0\\/", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8781", vendor: "mediatek", versions: [ { status: "affected", version: "android_12.0_13.0_IOT_v23.0\\/yocto_4.0\\/", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-20802", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-07T16:14:47.236338Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-07T16:24:43.393Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8781", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0)", }, ], }, ], descriptions: [ { lang: "en", value: "In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420976.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-07T03:21:42.242Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20802", datePublished: "2023-08-07T03:21:42.242Z", dateReserved: "2022-10-28T02:03:23.671Z", dateUpdated: "2024-11-07T16:24:43.393Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20136
Vulnerability from cvelistv5
Published
2024-12-02 03:07
Modified
2024-12-02 15:49
Severity ?
EPSS score ?
Summary
In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09121847; Issue ID: MSV-1821.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2737, MT6781, MT6789, MT6855, MT6878, MT6879, MT6880, MT6886, MT6890, MT6895, MT6897, MT6980, MT6983, MT6985, MT6989, MT6990, MT8195, MT8370, MT8390, MT8673, MT8676, MT8678, MT8755, MT8775, MT8781, MT8795T, MT8796, MT8798, MT8893 |
Version: Android 12.0, 13.0, 14.0, 15.0 / openWRT 19.07, 21.02, 23.05 / Yocto 4.0 / RDK-B 22Q3, 24Q1 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt2737:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt2737", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6781", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6789", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6855", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6878", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6879", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6880", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6886", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6890", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6895", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6897", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6980", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6983", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6985", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6989", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6990", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8370", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8390", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8673", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8676", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8678", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8755:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8755", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8775", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8781", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8795t", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8796", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8798", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8893:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8893", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20136", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-02T15:48:57.414776Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-02T15:49:02.279Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2737, MT6781, MT6789, MT6855, MT6878, MT6879, MT6880, MT6886, MT6890, MT6895, MT6897, MT6980, MT6983, MT6985, MT6989, MT6990, MT8195, MT8370, MT8390, MT8673, MT8676, MT8678, MT8755, MT8775, MT8781, MT8795T, MT8796, MT8798, MT8893", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0, 14.0, 15.0 / openWRT 19.07, 21.02, 23.05 / Yocto 4.0 / RDK-B 22Q3, 24Q1", }, ], }, ], descriptions: [ { lang: "en", value: "In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09121847; Issue ID: MSV-1821.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-02T03:07:09.915Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/December-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20136", datePublished: "2024-12-02T03:07:09.915Z", dateReserved: "2023-11-02T13:35:35.182Z", dateUpdated: "2024-12-02T15:49:02.279Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0898
Vulnerability from cvelistv5
Published
2021-12-17 16:10
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672071.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/December-2021 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797 |
Version: Android 10.0, 11.0, 12.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.335Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", vendor: "n/a", versions: [ { status: "affected", version: "Android 10.0, 11.0, 12.0", }, ], }, ], descriptions: [ { lang: "en", value: "In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672071.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-17T16:10:12", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0898", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", version: { version_data: [ { version_value: "Android 10.0, 11.0, 12.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672071.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/December-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0898", datePublished: "2021-12-17T16:10:12", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.335Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32861
Vulnerability from cvelistv5
Published
2023-12-04 03:46
Modified
2024-12-02 17:36
Severity ?
EPSS score ?
Summary
In display, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08059081; Issue ID: ALPS08059081.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:32:45.561Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-32861", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2023-12-06T20:49:47.419651Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-02T17:36:33.510Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8167, MT8168, MT8188, MT8195, MT8673", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In display, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08059081; Issue ID: ALPS08059081.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-04T03:46:10.860Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32861", datePublished: "2023-12-04T03:46:10.860Z", dateReserved: "2023-05-16T03:04:32.160Z", dateUpdated: "2024-12-02T17:36:33.510Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20720
Vulnerability from cvelistv5
Published
2023-05-15 00:00
Modified
2025-01-24 15:06
Severity ?
EPSS score ?
Summary
In pqframework, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629586; Issue ID: ALPS07629586.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6895, MT6983, MT8167, MT8168, MT8195, MT8673 |
Version: Android 12.0, 13.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:41.151Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20720", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-24T15:05:32.323975Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-24T15:06:30.590Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6895, MT6983, MT8167, MT8168, MT8195, MT8673", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In pqframework, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629586; Issue ID: ALPS07629586.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-15T00:00:00.000Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20720", datePublished: "2023-05-15T00:00:00.000Z", dateReserved: "2022-10-28T00:00:00.000Z", dateUpdated: "2025-01-24T15:06:30.590Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32811
Vulnerability from cvelistv5
Published
2023-09-04 02:28
Modified
2024-10-01 18:15
Severity ?
EPSS score ?
Summary
In connectivity system driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929848; Issue ID: ALPS07929848.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2713, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT8168, MT8175, MT8188, MT8195, MT8365, MT8666, MT8667, MT8673 |
Version: Android 12.0, 13.0 / IOT-v23.0 / Yocto 4.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:37.093Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "yocto", vendor: "linuxfoundation", versions: [ { status: "affected", version: "4.0", }, ], }, { cpes: [ "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iot_yocto", vendor: "mediatek", versions: [ { status: "affected", version: "23.0", }, ], }, { cpes: [ "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "12.0", }, ], }, { cpes: [ "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "13.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-32811", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-01T18:07:49.242266Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-01T18:15:59.375Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2713, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT8168, MT8175, MT8188, MT8195, MT8365, MT8666, MT8667, MT8673", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0 / IOT-v23.0 / Yocto 4.0", }, ], }, ], descriptions: [ { lang: "en", value: "In connectivity system driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929848; Issue ID: ALPS07929848.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:28:18.886Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32811", datePublished: "2023-09-04T02:28:18.886Z", dateReserved: "2023-05-16T03:04:32.146Z", dateUpdated: "2024-10-01T18:15:59.375Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20800
Vulnerability from cvelistv5
Published
2023-08-07 03:21
Modified
2024-11-06 15:15
Severity ?
EPSS score ?
Summary
In imgsys, there is a possible system crash due to a mssing ptr check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420955.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8781 |
Version: Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:41.016Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6879", vendor: "mediatek", versions: [ { status: "affected", version: "android_12", }, { status: "affected", version: "android_13_iot-v23.0_yocto-4.0", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6895", vendor: "mediatek", versions: [ { status: "affected", version: "android_12", }, { status: "affected", version: "android_13_iot-v23.0_yocto-4.0", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6983", vendor: "mediatek", versions: [ { status: "affected", version: "android_12", }, { status: "affected", version: "android_13_iot-v23.0_yocto-4.0", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { status: "affected", version: "android_12", }, { status: "affected", version: "android_13_iot-v23.0_yocto-4.0", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { status: "affected", version: "android_12", }, { status: "affected", version: "android_13_iot-v23.0_yocto-4.0", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8395", vendor: "mediatek", versions: [ { status: "affected", version: "android_12", }, { status: "affected", version: "android_13_iot-v23.0_yocto-4.0", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8781", vendor: "mediatek", versions: [ { status: "affected", version: "android_12", }, { status: "affected", version: "android_13_iot-v23.0_yocto-4.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-20800", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-06T15:09:06.403548Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-06T15:15:22.166Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8781", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0)", }, ], }, ], descriptions: [ { lang: "en", value: "In imgsys, there is a possible system crash due to a mssing ptr check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420955.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-07T03:21:37.830Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20800", datePublished: "2023-08-07T03:21:37.830Z", dateReserved: "2022-10-28T02:03:10.781Z", dateUpdated: "2024-11-06T15:15:22.166Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-20639
Vulnerability from cvelistv5
Published
2025-02-03 03:24
Modified
2025-02-03 17:23
Severity ?
EPSS score ?
Summary
In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2060.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "LOW", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2025-20639", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-03T17:22:32.108799Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-03T17:23:00.356Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8167S, MT8175, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8678, MT8765, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798, MT8893", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0, 14.0, 15.0", }, ], }, ], descriptions: [ { lang: "en", value: "In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2060.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-03T03:24:01.156Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/February-2025", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2025-20639", datePublished: "2025-02-03T03:24:01.156Z", dateReserved: "2024-11-01T01:21:50.363Z", dateUpdated: "2025-02-03T17:23:00.356Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20834
Vulnerability from cvelistv5
Published
2023-09-04 02:27
Modified
2024-10-21 16:55
Severity ?
EPSS score ?
Summary
In pda, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608514; Issue ID: ALPS07608514.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6879, MT6886, MT6895, MT6983, MT6985, MT8175, MT8188, MT8195, MT8365, MT8781 |
Version: Android 12.0, 13.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:41.121Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8781", vendor: "mediatek", versions: [ { status: "affected", version: "Android 12.0", }, { status: "affected", version: "Android 13.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20834", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T17:15:44.705404Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-362", description: "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-416", description: "CWE-416 Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-21T16:55:42.131Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6879, MT6886, MT6895, MT6983, MT6985, MT8175, MT8188, MT8195, MT8365, MT8781", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In pda, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608514; Issue ID: ALPS07608514.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:27:38.962Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20834", datePublished: "2023-09-04T02:27:38.962Z", dateReserved: "2022-10-28T02:03:23.686Z", dateUpdated: "2024-10-21T16:55:42.131Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20055
Vulnerability from cvelistv5
Published
2024-04-01 02:35
Modified
2025-03-26 20:06
Severity ?
EPSS score ?
Summary
In imgsys, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation Patch ID: ALPS08518692; Issue ID: MSV-1012.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2713, MT8168, MT8173, MT8175, MT8188, MT8195, MT8365, MT8370, MT8390, MT8395, MT8673, MT8696, MT8781, MT8795T, MT8798, MT8871 |
Version: Android 12.0, 13.0 / Yocto 4.0 / IOT-v23.2 |
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20055", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-02T15:43:27.829962Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-26T20:06:37.541Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:52:31.585Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT2713, MT8168, MT8173, MT8175, MT8188, MT8195, MT8365, MT8370, MT8390, MT8395, MT8673, MT8696, MT8781, MT8795T, MT8798, MT8871", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0 / Yocto 4.0 / IOT-v23.2", }, ], }, ], descriptions: [ { lang: "en", value: "In imgsys, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation Patch ID: ALPS08518692; Issue ID: MSV-1012.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-01T02:35:21.521Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20055", datePublished: "2024-04-01T02:35:21.521Z", dateReserved: "2023-11-02T13:35:35.160Z", dateUpdated: "2025-03-26T20:06:37.541Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20693
Vulnerability from cvelistv5
Published
2023-07-04 01:44
Modified
2024-12-04 16:26
Severity ?
EPSS score ?
Summary
In wlan firmware, there is possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664711; Issue ID: ALPS07664711.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6739, MT6895, MT6983, MT8167, MT8168, MT8195, MT8321, MT8365, MT8385, MT8666, MT8765, MT8781, MT8788 |
Version: Android 11.0, 12.0 / IOT-v23.0 (Yocto 4.0) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.244Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/July-2023", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20693", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-04T16:26:15.420254Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-04T16:26:25.234Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6739, MT6895, MT6983, MT8167, MT8168, MT8195, MT8321, MT8365, MT8385, MT8666, MT8765, MT8781, MT8788", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 11.0, 12.0 / IOT-v23.0 (Yocto 4.0)", }, ], }, ], descriptions: [ { lang: "en", value: "In wlan firmware, there is possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664711; Issue ID: ALPS07664711.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-04T01:44:56.418Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/July-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20693", datePublished: "2023-07-04T01:44:56.418Z", dateReserved: "2022-10-28T02:03:10.755Z", dateUpdated: "2024-12-04T16:26:25.234Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20044
Vulnerability from cvelistv5
Published
2024-04-01 02:35
Modified
2024-08-01 21:52
Severity ?
EPSS score ?
Summary
In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541784; Issue ID: ALPS08541784.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6739", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6757", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6761", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6763", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6765", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6768", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6771", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6779", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6781", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6785", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6833", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6853", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6873", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6877", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6885", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6893", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8167", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8168", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8173", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8175", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8185", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8321", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8362a", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8365", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8385", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8395", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8666", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8673", vendor: "mediatek", versions: [ { lessThanOrEqual: "android_14.0", status: "affected", version: "android_12.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20044", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-21T20:06:02.381594Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:40:47.113Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:52:31.671Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6739, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8168, MT8173, MT8175, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8673, MT8678, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8796, MT8797, MT8798", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0, 14.0", }, ], }, ], descriptions: [ { lang: "en", value: "In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541784; Issue ID: ALPS08541784.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-01T02:35:02.526Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20044", datePublished: "2024-04-01T02:35:02.526Z", dateReserved: "2023-11-02T13:35:35.157Z", dateUpdated: "2024-08-01T21:52:31.671Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20110
Vulnerability from cvelistv5
Published
2024-11-04 01:48
Modified
2024-11-04 10:52
Severity ?
EPSS score ?
Summary
In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09065887; Issue ID: MSV-1762.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6765, MT6768, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8188, MT8195 |
Version: Android 12.0, 13.0, 14.0, 15.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6765", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6768", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6833", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6853", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6873", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6877", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6885", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6893", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "12.0", }, { status: "affected", version: "13.0", }, { status: "affected", version: "14.0", }, { status: "affected", version: "15.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20110", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-04T10:52:17.527008Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-04T10:52:22.102Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6765, MT6768, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8188, MT8195", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0, 14.0, 15.0", }, ], }, ], descriptions: [ { lang: "en", value: "In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09065887; Issue ID: MSV-1762.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-04T01:48:47.440Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/November-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20110", datePublished: "2024-11-04T01:48:47.440Z", dateReserved: "2023-11-02T13:35:35.178Z", dateUpdated: "2024-11-04T10:52:22.102Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32864
Vulnerability from cvelistv5
Published
2023-12-04 03:46
Modified
2024-08-02 15:32
Severity ?
EPSS score ?
Summary
In display drm, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292187; Issue ID: ALPS07292187.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:32:46.555Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8168, MT8195, MT8781", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In display drm, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292187; Issue ID: ALPS07292187.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-04T03:46:15.342Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32864", datePublished: "2023-12-04T03:46:15.342Z", dateReserved: "2023-05-16T03:04:32.161Z", dateUpdated: "2024-08-02T15:32:46.555Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20760
Vulnerability from cvelistv5
Published
2023-07-04 01:44
Modified
2024-11-26 18:59
Severity ?
EPSS score ?
Summary
In apu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629578; Issue ID: ALPS07629578.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6879, MT6895, MT6983, MT8195 |
Version: Android 12.0, 13.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.942Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/July-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6879", vendor: "mediatek", versions: [ { status: "affected", version: "android_12.0", }, { status: "affected", version: "android_13.0", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6895", vendor: "mediatek", versions: [ { status: "affected", version: "android_12.0", }, { status: "affected", version: "android_13.0", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6983", vendor: "mediatek", versions: [ { status: "affected", version: "android_12.0", }, { status: "affected", version: "android_13.0", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { status: "affected", version: "android_12", }, { status: "affected", version: "android_13", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-20760", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-26T18:57:15.345305Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-26T18:59:40.163Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6879, MT6895, MT6983, MT8195", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In apu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629578; Issue ID: ALPS07629578.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-04T01:44:21.130Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/July-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20760", datePublished: "2023-07-04T01:44:21.130Z", dateReserved: "2022-10-28T02:03:10.771Z", dateUpdated: "2024-11-26T18:59:40.163Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20706
Vulnerability from cvelistv5
Published
2023-05-15 00:00
Modified
2025-01-24 19:16
Severity ?
EPSS score ?
Summary
In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767860; Issue ID: ALPS07767860.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8183, MT8195 |
Version: Android 12.0, 13.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.957Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20706", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-24T19:16:52.006125Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-24T19:16:55.421Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8183, MT8195", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767860; Issue ID: ALPS07767860.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-15T00:00:00.000Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20706", datePublished: "2023-05-15T00:00:00.000Z", dateReserved: "2022-10-28T00:00:00.000Z", dateUpdated: "2025-01-24T19:16:55.421Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0902
Vulnerability from cvelistv5
Published
2021-12-17 16:10
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05656484.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/December-2021 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797 |
Version: Android 10.0, 11.0, 12.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.420Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", vendor: "n/a", versions: [ { status: "affected", version: "Android 10.0, 11.0, 12.0", }, ], }, ], descriptions: [ { lang: "en", value: "In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05656484.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-17T16:10:15", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0902", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", version: { version_data: [ { version_value: "Android 10.0, 11.0, 12.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05656484.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/December-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0902", datePublished: "2021-12-17T16:10:15", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.420Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32870
Vulnerability from cvelistv5
Published
2023-12-04 03:46
Modified
2024-08-02 15:32
Severity ?
EPSS score ?
Summary
In display drm, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363740; Issue ID: ALPS07363740.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:32:46.624Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8168, MT8183, MT8188, MT8195, MT8673, MT8781", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In display drm, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363740; Issue ID: ALPS07363740.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-04T03:46:24.161Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32870", datePublished: "2023-12-04T03:46:24.161Z", dateReserved: "2023-05-16T03:04:32.163Z", dateUpdated: "2024-08-02T15:32:46.624Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32839
Vulnerability from cvelistv5
Published
2023-11-06 03:50
Modified
2024-09-05 15:10
Severity ?
EPSS score ?
Summary
In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262576; Issue ID: ALPS07262576.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2713, MT6895, MT6983, MT8188, MT8195, MT8673, MT8798 |
Version: Android 11.0, 12.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:32:46.557Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt2713", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6895", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6983", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8673", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8798", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*", "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "11.0", }, { status: "affected", version: "12.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-32839", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-05T15:09:17.380908Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-05T15:10:07.811Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2713, MT6895, MT6983, MT8188, MT8195, MT8673, MT8798", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 11.0, 12.0", }, ], }, ], descriptions: [ { lang: "en", value: "In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262576; Issue ID: ALPS07262576.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-06T03:50:54.573Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/November-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32839", datePublished: "2023-11-06T03:50:54.573Z", dateReserved: "2023-05-16T03:04:32.153Z", dateUpdated: "2024-09-05T15:10:07.811Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20085
Vulnerability from cvelistv5
Published
2024-09-02 02:07
Modified
2024-10-27 02:38
Severity ?
EPSS score ?
Summary
In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944204; Issue ID: MSV-1560.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6893, MT6895, MT6897, MT6980, MT6983, MT6985, MT6989, MT6990, MT8183, MT8188, MT8195, MT8390, MT8395, MT8673, MT8675, MT8676, MT8678 |
Version: Android 13.0, 14.0 / Yocto 2.6, 3.3, 4.0 / openWRT 19.07, 21.02, 23.05 / RDK-B 22Q3 |
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20085", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-03T14:22:28.999522Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-27T02:38:50.128Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6893, MT6895, MT6897, MT6980, MT6983, MT6985, MT6989, MT6990, MT8183, MT8188, MT8195, MT8390, MT8395, MT8673, MT8675, MT8676, MT8678", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 13.0, 14.0 / Yocto 2.6, 3.3, 4.0 / openWRT 19.07, 21.02, 23.05 / RDK-B 22Q3", }, ], }, ], descriptions: [ { lang: "en", value: "In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944204; Issue ID: MSV-1560.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-02T02:07:31.421Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20085", datePublished: "2024-09-02T02:07:31.421Z", dateReserved: "2023-11-02T13:35:35.173Z", dateUpdated: "2024-10-27T02:38:50.128Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20700
Vulnerability from cvelistv5
Published
2023-05-15 00:00
Modified
2025-01-23 21:18
Severity ?
EPSS score ?
Summary
In widevine, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07643304; Issue ID: ALPS07643304.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.156Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20700", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-23T21:16:38.743086Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T21:18:26.789Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8768, MT8786, MT8788, MT8789, MT8797", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 11.0, 12.0", }, ], }, ], descriptions: [ { lang: "en", value: "In widevine, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07643304; Issue ID: ALPS07643304.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-15T00:00:00.000Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20700", datePublished: "2023-05-15T00:00:00.000Z", dateReserved: "2022-10-28T00:00:00.000Z", dateUpdated: "2025-01-23T21:18:26.789Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32838
Vulnerability from cvelistv5
Published
2023-11-06 03:50
Modified
2024-09-05 15:13
Severity ?
EPSS score ?
Summary
In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310805; Issue ID: ALPS07310805.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2713, MT6895, MT6983, MT8188, MT8195, MT8390, MT8395, MT8673, MT8798 |
Version: Android 11.0, 12.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:32:44.823Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt2713", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6895", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6983", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8390", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8395", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8673", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8798", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*", "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "11.0", }, { status: "affected", version: "12.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-32838", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-05T15:13:11.795433Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-05T15:13:19.553Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2713, MT6895, MT6983, MT8188, MT8195, MT8390, MT8395, MT8673, MT8798", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 11.0, 12.0", }, ], }, ], descriptions: [ { lang: "en", value: "In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310805; Issue ID: ALPS07310805.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-06T03:50:53.147Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/November-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32838", datePublished: "2023-11-06T03:50:53.147Z", dateReserved: "2023-05-16T03:04:32.152Z", dateUpdated: "2024-09-05T15:13:19.553Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0619
Vulnerability from cvelistv5
Published
2021-11-18 14:54
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In ape extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561395; Issue ID: ALPS05561395.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/November-2021 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.228Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6739, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797", vendor: "n/a", versions: [ { status: "affected", version: "Android 10.0, 11.0", }, ], }, ], descriptions: [ { lang: "en", value: "In ape extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561395; Issue ID: ALPS05561395.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-18T14:54:43", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0619", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT6739, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797", version: { version_data: [ { version_value: "Android 10.0, 11.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In ape extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561395; Issue ID: ALPS05561395.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/November-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0619", datePublished: "2021-11-18T14:54:43", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.228Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0674
Vulnerability from cvelistv5
Published
2021-12-17 16:10
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064237.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/December-2021 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.249Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6570, MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8176, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797", vendor: "n/a", versions: [ { status: "affected", version: "Android 8.1, 9.0, 10.0, 11.0", }, ], }, ], descriptions: [ { lang: "en", value: "In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064237.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-17T16:10:17", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0674", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT6570, MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8176, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797", version: { version_data: [ { version_value: "Android 8.1, 9.0, 10.0, 11.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064237.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/December-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0674", datePublished: "2021-12-17T16:10:17", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.249Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20718
Vulnerability from cvelistv5
Published
2023-05-15 00:00
Modified
2025-01-24 16:34
Severity ?
EPSS score ?
Summary
In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645181; Issue ID: ALPS07645181.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8175, MT8195, MT8365, MT8395, MT8673, MT8781, MT8786, MT8789, MT8791T, MT8797 |
Version: Android 11.0, 12.0, 13.0 / Iot-Yocto 22.2 (Yocto 4.0) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.851Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20718", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-24T16:34:39.287628Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-24T16:34:43.271Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8175, MT8195, MT8365, MT8395, MT8673, MT8781, MT8786, MT8789, MT8791T, MT8797", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 11.0, 12.0, 13.0 / Iot-Yocto 22.2 (Yocto 4.0)", }, ], }, ], descriptions: [ { lang: "en", value: "In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645181; Issue ID: ALPS07645181.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-15T00:00:00.000Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20718", datePublished: "2023-05-15T00:00:00.000Z", dateReserved: "2022-10-28T00:00:00.000Z", dateUpdated: "2025-01-24T16:34:43.271Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20038
Vulnerability from cvelistv5
Published
2024-03-04 02:43
Modified
2024-11-19 19:00
Severity ?
EPSS score ?
Summary
In pq, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495932; Issue ID: ALPS08495932.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.4, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20038", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-04T16:52:52.427715Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-19T19:00:32.296Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:52:31.783Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/March-2024", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6983, MT6985, MT6989, MT8168, MT8188, MT8195, MT8673, MT8675", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0, 14.0", }, ], }, ], descriptions: [ { lang: "en", value: "In pq, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495932; Issue ID: ALPS08495932.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-04T02:43:54.898Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/March-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20038", datePublished: "2024-03-04T02:43:54.898Z", dateReserved: "2023-11-02T13:35:35.153Z", dateUpdated: "2024-11-19T19:00:32.296Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-20642
Vulnerability from cvelistv5
Published
2025-02-03 03:24
Modified
2025-02-03 17:17
Severity ?
EPSS score ?
Summary
In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2057.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "LOW", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2025-20642", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-03T17:16:46.727335Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-03T17:17:21.117Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8167S, MT8175, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8678, MT8765, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798, MT8893", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0, 14.0, 15.0", }, ], }, ], descriptions: [ { lang: "en", value: "In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2057.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-03T03:24:06.483Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/February-2025", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2025-20642", datePublished: "2025-02-03T03:24:06.483Z", dateReserved: "2024-11-01T01:21:50.364Z", dateUpdated: "2025-02-03T17:17:21.117Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20670
Vulnerability from cvelistv5
Published
2023-04-06 00:00
Modified
2025-02-13 14:55
Severity ?
EPSS score ?
Summary
In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648710; Issue ID: ALPS07648710.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.487Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20670", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-13T14:55:36.218194Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-13T14:55:41.081Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2715, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8167, MT8188, MT8195, MT8321, MT8365, MT8385, MT8675, MT8696, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791, MT8795T, MT8797, MT8798, MT8871, MT8891", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648710; Issue ID: ALPS07648710.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-06T00:00:00.000Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/April-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20670", datePublished: "2023-04-06T00:00:00.000Z", dateReserved: "2022-10-28T00:00:00.000Z", dateUpdated: "2025-02-13T14:55:41.081Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20835
Vulnerability from cvelistv5
Published
2023-09-04 02:27
Modified
2024-10-21 16:59
Severity ?
EPSS score ?
Summary
In camsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07326570.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6895, MT6983, MT8188, MT8195, MT8395, MT8781 |
Version: Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:41.159Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8781", vendor: "mediatek", versions: [ { status: "affected", version: "Android 12.0", }, { status: "affected", version: "Android 13.0", }, { status: "affected", version: "IOT-v23.0 (Yocto 4.0)", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20835", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T17:15:43.579088Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-362", description: "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-416", description: "CWE-416 Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-21T16:59:12.216Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6895, MT6983, MT8188, MT8195, MT8395, MT8781", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0)", }, ], }, ], descriptions: [ { lang: "en", value: "In camsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07326570.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:27:40.600Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20835", datePublished: "2023-09-04T02:27:40.600Z", dateReserved: "2022-10-28T02:03:23.686Z", dateUpdated: "2024-10-21T16:59:12.216Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32816
Vulnerability from cvelistv5
Published
2023-09-04 02:28
Modified
2024-10-08 20:11
Severity ?
EPSS score ?
Summary
In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044032.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:37.015Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-32816", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T14:00:16.349452Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T20:11:44.346Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2713, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6895, MT6983, MT6985, MT8168, MT8175, MT8188, MT8195, MT8365, MT8666, MT8667, MT8673", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044032.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:28:27.217Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32816", datePublished: "2023-09-04T02:28:27.217Z", dateReserved: "2023-05-16T03:04:32.147Z", dateUpdated: "2024-10-08T20:11:44.346Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0658
Vulnerability from cvelistv5
Published
2021-11-18 14:57
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672107.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/November-2021 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797 |
Version: Android 10.0, 11.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.306Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", vendor: "n/a", versions: [ { status: "affected", version: "Android 10.0, 11.0", }, ], }, ], descriptions: [ { lang: "en", value: "In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672107.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-18T14:57:36", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0658", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", version: { version_data: [ { version_value: "Android 10.0, 11.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672107.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/November-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0658", datePublished: "2021-11-18T14:57:36", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.306Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20084
Vulnerability from cvelistv5
Published
2024-09-02 02:07
Modified
2024-10-27 02:38
Severity ?
EPSS score ?
Summary
In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944210; Issue ID: MSV-1561.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6893, MT6895, MT6897, MT6980, MT6983, MT6985, MT6989, MT6990, MT8183, MT8188, MT8195, MT8390, MT8395, MT8673, MT8675, MT8676, MT8678 |
Version: Android 13.0, 14.0 / Yocto 2.6, 3.3, 4.0 / openWRT 19.07, 21.02, 23.05 / RDK-B 22Q3 |
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20084", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-03T14:21:55.582860Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-27T02:38:25.170Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6893, MT6895, MT6897, MT6980, MT6983, MT6985, MT6989, MT6990, MT8183, MT8188, MT8195, MT8390, MT8395, MT8673, MT8675, MT8676, MT8678", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 13.0, 14.0 / Yocto 2.6, 3.3, 4.0 / openWRT 19.07, 21.02, 23.05 / RDK-B 22Q3", }, ], }, ], descriptions: [ { lang: "en", value: "In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944210; Issue ID: MSV-1561.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-02T02:07:29.670Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20084", datePublished: "2024-09-02T02:07:29.670Z", dateReserved: "2023-11-02T13:35:35.173Z", dateUpdated: "2024-10-27T02:38:25.170Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20701
Vulnerability from cvelistv5
Published
2023-05-15 00:00
Modified
2025-01-24 16:31
Severity ?
EPSS score ?
Summary
In widevine, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07643270; Issue ID: ALPS07643270.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.547Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20701", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-24T16:31:20.485927Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-24T16:31:34.925Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8768, MT8786, MT8788, MT8789, MT8797", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 11.0, 12.0", }, ], }, ], descriptions: [ { lang: "en", value: "In widevine, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07643270; Issue ID: ALPS07643270.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-15T00:00:00.000Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/May-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20701", datePublished: "2023-05-15T00:00:00.000Z", dateReserved: "2022-10-28T00:00:00.000Z", dateUpdated: "2025-01-24T16:31:34.925Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20847
Vulnerability from cvelistv5
Published
2023-09-04 02:28
Modified
2024-10-08 20:12
Severity ?
EPSS score ?
Summary
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local denial of service with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354025; Issue ID: ALPS07340108.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781 |
Version: Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.983Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20847", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T14:00:24.175864Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T20:12:28.123Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0", }, ], }, ], descriptions: [ { lang: "en", value: "In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local denial of service with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354025; Issue ID: ALPS07340108.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:28:00.486Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20847", datePublished: "2023-09-04T02:28:00.486Z", dateReserved: "2022-10-28T02:03:23.695Z", dateUpdated: "2024-10-08T20:12:28.123Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0657
Vulnerability from cvelistv5
Published
2021-11-18 14:57
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In apusys, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672103; Issue ID: ALPS05672103.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/November-2021 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797 |
Version: Android 10.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.218Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", vendor: "n/a", versions: [ { status: "affected", version: "Android 10.0", }, ], }, ], descriptions: [ { lang: "en", value: "In apusys, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672103; Issue ID: ALPS05672103.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-18T14:57:28", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0657", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", version: { version_data: [ { version_value: "Android 10.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In apusys, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672103; Issue ID: ALPS05672103.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/November-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0657", datePublished: "2021-11-18T14:57:28", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.218Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20052
Vulnerability from cvelistv5
Published
2024-04-01 02:35
Modified
2024-10-29 20:54
Severity ?
EPSS score ?
Summary
In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541761.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2713, MT2737, MT6781, MT6789, MT6835, MT6855, MT6879, MT6880, MT6886, MT6890, MT6895, MT6980, MT6983, MT6985, MT6989, MT6990, MT8167, MT8168, MT8173, MT8175, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8796, MT8797, MT8798 |
Version: Android 12.0, 13.0, 14.0 / OpenWrt 19.07, 21.02 / Yocto 3.3 / RDK-B 22Q3 |
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20052", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-27T20:27:41.382595Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-29T20:54:35.081Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:52:31.638Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT2713, MT2737, MT6781, MT6789, MT6835, MT6855, MT6879, MT6880, MT6886, MT6890, MT6895, MT6980, MT6983, MT6985, MT6989, MT6990, MT8167, MT8168, MT8173, MT8175, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8796, MT8797, MT8798", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0, 14.0 / OpenWrt 19.07, 21.02 / Yocto 3.3 / RDK-B 22Q3", }, ], }, ], descriptions: [ { lang: "en", value: "In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541761.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-01T02:35:16.365Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20052", datePublished: "2024-04-01T02:35:16.365Z", dateReserved: "2023-11-02T13:35:35.159Z", dateUpdated: "2024-10-29T20:54:35.081Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20744
Vulnerability from cvelistv5
Published
2023-06-06 12:11
Modified
2025-01-07 21:00
Severity ?
EPSS score ?
Summary
In vcu, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519200.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6789, MT6855, MT8185, MT8195, MT8365, MT8395, MT8781, MT8786, MT8789, MT8791, MT8797 |
Version: Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.972Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20744", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-07T20:59:43.488918Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416 Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-07T21:00:26.142Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6789, MT6855, MT8185, MT8195, MT8365, MT8395, MT8781, MT8786, MT8789, MT8791, MT8797", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2", }, ], }, ], descriptions: [ { lang: "en", value: "In vcu, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519200.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-06T12:11:39.255Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20744", datePublished: "2023-06-06T12:11:39.255Z", dateReserved: "2022-10-28T02:03:10.769Z", dateUpdated: "2025-01-07T21:00:26.142Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20843
Vulnerability from cvelistv5
Published
2023-09-04 02:27
Modified
2024-10-08 20:13
Severity ?
EPSS score ?
Summary
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340119; Issue ID: ALPS07340119.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781 |
Version: Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:41.207Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20843", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T14:00:31.035593Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T20:13:00.738Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0", }, ], }, ], descriptions: [ { lang: "en", value: "In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340119; Issue ID: ALPS07340119.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:27:53.712Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20843", datePublished: "2023-09-04T02:27:53.712Z", dateReserved: "2022-10-28T02:03:23.691Z", dateUpdated: "2024-10-08T20:13:00.738Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20822
Vulnerability from cvelistv5
Published
2023-09-04 02:27
Modified
2024-10-10 17:04
Severity ?
EPSS score ?
Summary
In netdagent, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944012; Issue ID: ALPS07944012.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT8167, MT8167S, MT8168, MT8175, MT8195, MT8195Z, MT8362A |
Version: Android 12.0, 13.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:41.136Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6883", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6885", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6889", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6891", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6893", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6895", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8167", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8167s", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8168", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8175", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195z:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195z", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8362a", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:13.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "12.0", }, { status: "affected", version: "13.0.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20822", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-10T17:04:22.397239Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-10T17:04:26.117Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT8167, MT8167S, MT8168, MT8175, MT8195, MT8195Z, MT8362A", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In netdagent, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944012; Issue ID: ALPS07944012.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:27:19.136Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20822", datePublished: "2023-09-04T02:27:19.136Z", dateReserved: "2022-10-28T02:03:23.677Z", dateUpdated: "2024-10-10T17:04:26.117Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20840
Vulnerability from cvelistv5
Published
2023-09-04 02:27
Modified
2024-10-21 17:21
Severity ?
EPSS score ?
Summary
In imgsys, there is a possible out of bounds read and write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326430; Issue ID: ALPS07326430.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6895, MT6897, MT6983, MT8188, MT8195, MT8395 |
Version: Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:41.001Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8395", vendor: "mediatek", versions: [ { status: "affected", version: "Android 11.0", }, { status: "affected", version: "Android 12.0", }, { status: "affected", version: "Linux 6.1", }, { status: "affected", version: "IOT-v23.0", }, { status: "affected", version: "Yocto 4.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20840", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T17:15:40.443586Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-21T17:21:58.898Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6895, MT6897, MT6983, MT8188, MT8195, MT8395", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0", }, ], }, ], descriptions: [ { lang: "en", value: "In imgsys, there is a possible out of bounds read and write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326430; Issue ID: ALPS07326430.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:27:48.606Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20840", datePublished: "2023-09-04T02:27:48.606Z", dateReserved: "2022-10-28T02:03:23.690Z", dateUpdated: "2024-10-21T17:21:58.898Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20049
Vulnerability from cvelistv5
Published
2024-04-01 02:35
Modified
2025-03-13 16:44
Severity ?
EPSS score ?
Summary
In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541765; Issue ID: ALPS08541765.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2713, MT2737, MT6781, MT6789, MT6835, MT6855, MT6879, MT6880, MT6886, MT6890, MT6895, MT6980, MT6983, MT6985, MT6989, MT6990, MT8167, MT8168, MT8173, MT8175, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8796, MT8797, MT8798 |
Version: Android 12.0, 13.0 / OpenWrt 19.07, 21.02 / Yocto 3.3 / RDK-B 22Q3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T21:52:31.648Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20049", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-01T19:39:33.120815Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-248", description: "CWE-248 Uncaught Exception", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-13T16:44:57.311Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2713, MT2737, MT6781, MT6789, MT6835, MT6855, MT6879, MT6880, MT6886, MT6890, MT6895, MT6980, MT6983, MT6985, MT6989, MT6990, MT8167, MT8168, MT8173, MT8175, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8796, MT8797, MT8798", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0 / OpenWrt 19.07, 21.02 / Yocto 3.3 / RDK-B 22Q3", }, ], }, ], descriptions: [ { lang: "en", value: "In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541765; Issue ID: ALPS08541765.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-01T02:35:11.038Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/April-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20049", datePublished: "2024-04-01T02:35:11.038Z", dateReserved: "2023-11-02T13:35:35.158Z", dateUpdated: "2025-03-13T16:44:57.311Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20848
Vulnerability from cvelistv5
Published
2023-09-04 02:28
Modified
2024-10-21 17:29
Severity ?
EPSS score ?
Summary
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340433.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781 |
Version: Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:41.131Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8781", vendor: "mediatek", versions: [ { status: "affected", version: "Android 11.0", }, { status: "affected", version: "Android 12.0", }, { status: "affected", version: "Linux 6.1", }, { status: "affected", version: "IOT-v23.0", }, { status: "affected", version: "Yocto 4.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20848", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T17:15:36.906817Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-21T17:29:46.979Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0", }, ], }, ], descriptions: [ { lang: "en", value: "In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340433.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:28:02.171Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20848", datePublished: "2023-09-04T02:28:02.171Z", dateReserved: "2022-10-28T02:03:23.696Z", dateUpdated: "2024-10-21T17:29:46.979Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0656
Vulnerability from cvelistv5
Published
2021-11-18 14:57
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In edma driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05709376; Issue ID: ALPS05709376.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/November-2021 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8195, MT8791, MT8797 |
Version: Android 10.0, 11.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.221Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8195, MT8791, MT8797", vendor: "n/a", versions: [ { status: "affected", version: "Android 10.0, 11.0", }, ], }, ], descriptions: [ { lang: "en", value: "In edma driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05709376; Issue ID: ALPS05709376.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-18T14:57:18", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0656", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8195, MT8791, MT8797", version: { version_data: [ { version_value: "Android 10.0, 11.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In edma driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05709376; Issue ID: ALPS05709376.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/November-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0656", datePublished: "2021-11-18T14:57:18", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.221Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0620
Vulnerability from cvelistv5
Published
2021-11-18 14:54
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In asf extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561381.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/November-2021 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.225Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT5522, MT5527, MT5597, MT5598, MT5599, MT6580, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797, MT9256, MT9285, MT9286, MT9288, MT9629, MT9631, MT9632, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9670, MT9675, MT9685, MT9686, MT9688, MT9931, MT9950, MT9970, MT9980, MT9981", vendor: "n/a", versions: [ { status: "affected", version: "Android 10.0, 11.0", }, ], }, ], descriptions: [ { lang: "en", value: "In asf extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561381.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-18T14:54:52", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0620", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT5522, MT5527, MT5597, MT5598, MT5599, MT6580, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797, MT9256, MT9285, MT9286, MT9288, MT9629, MT9631, MT9632, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9670, MT9675, MT9685, MT9686, MT9688, MT9931, MT9950, MT9970, MT9980, MT9981", version: { version_data: [ { version_value: "Android 10.0, 11.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In asf extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561381.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/November-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0620", datePublished: "2021-11-18T14:54:52", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.225Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0629
Vulnerability from cvelistv5
Published
2021-11-18 14:56
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In mdlactl driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05776625; Issue ID: ALPS05776625.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/November-2021 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MT6873, MT6875, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9686, MT9970, MT9980, MT9981 |
Version: Android 10.0, 11.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.324Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6873, MT6875, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9686, MT9970, MT9980, MT9981", vendor: "n/a", versions: [ { status: "affected", version: "Android 10.0, 11.0", }, ], }, ], descriptions: [ { lang: "en", value: "In mdlactl driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05776625; Issue ID: ALPS05776625.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-18T14:56:02", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0629", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT6873, MT6875, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9686, MT9970, MT9980, MT9981", version: { version_data: [ { version_value: "Android 10.0, 11.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In mdlactl driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05776625; Issue ID: ALPS05776625.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/November-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0629", datePublished: "2021-11-18T14:56:02", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.324Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20747
Vulnerability from cvelistv5
Published
2023-06-06 12:11
Modified
2025-01-07 19:14
Severity ?
EPSS score ?
Summary
In vcu, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519121.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.966Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20747", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-07T19:14:39.796298Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-843", description: "CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-07T19:14:44.403Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT5696, MT5836, MT5838, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8185, MT8195, MT8365, MT8781, MT8786, MT8789, MT8791, MT8797, MT9000, MT9015, MT9023, MT9025, MT9618, MT9649, MT9653, MT9679, MT9687, MT9689, MT9902, MT9932, MT9952, MT9972, MT9982", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2", }, ], }, ], descriptions: [ { lang: "en", value: "In vcu, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519121.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-06T12:11:45.197Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20747", datePublished: "2023-06-06T12:11:45.197Z", dateReserved: "2022-10-28T02:03:10.770Z", dateUpdated: "2025-01-07T19:14:44.403Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32828
Vulnerability from cvelistv5
Published
2023-10-02 02:05
Modified
2024-09-21 15:21
Severity ?
EPSS score ?
Summary
In vpu, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767817; Issue ID: ALPS07767817.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6771, MT6779, MT6785, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6891, MT6893, MT8183, MT8188, MT8195, MT8390, MT8395 |
Version: Android 12.0 / IOT-v23.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:37.127Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/October-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6771", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6779", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6785", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6853", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6853t", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6873", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6877", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6885", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6891", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6893", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8183", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8390", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8395", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-32828", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-21T15:21:08.261382Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190 Integer Overflow or Wraparound", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-21T15:21:33.274Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6771, MT6779, MT6785, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6891, MT6893, MT8183, MT8188, MT8195, MT8390, MT8395", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0 / IOT-v23.0", }, ], }, ], descriptions: [ { lang: "en", value: "In vpu, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767817; Issue ID: ALPS07767817.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-02T02:05:40.253Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/October-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32828", datePublished: "2023-10-02T02:05:40.253Z", dateReserved: "2023-05-16T03:04:32.150Z", dateUpdated: "2024-09-21T15:21:33.274Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20844
Vulnerability from cvelistv5
Published
2023-09-04 02:27
Modified
2024-10-08 20:12
Severity ?
EPSS score ?
Summary
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354058; Issue ID: ALPS07340121.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781 |
Version: Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:41.140Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20844", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T14:00:29.272363Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T20:12:52.704Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0", }, ], }, ], descriptions: [ { lang: "en", value: "In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354058; Issue ID: ALPS07340121.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:27:55.388Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20844", datePublished: "2023-09-04T02:27:55.388Z", dateReserved: "2022-10-28T02:03:23.691Z", dateUpdated: "2024-10-08T20:12:52.704Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20142
Vulnerability from cvelistv5
Published
2025-02-03 03:23
Modified
2025-02-03 17:24
Severity ?
EPSS score ?
Summary
In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291406; Issue ID: MSV-2070.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "LOW", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20142", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-03T17:23:29.839443Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-03T17:24:00.470Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8167S, MT8175, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8678, MT8765, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798, MT8893", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0, 14.0, 15.0", }, ], }, ], descriptions: [ { lang: "en", value: "In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291406; Issue ID: MSV-2070.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-03T03:23:57.752Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/February-2025", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20142", datePublished: "2025-02-03T03:23:57.752Z", dateReserved: "2023-11-02T13:35:35.184Z", dateUpdated: "2025-02-03T17:24:00.470Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32847
Vulnerability from cvelistv5
Published
2023-12-04 03:45
Modified
2024-08-02 15:32
Severity ?
EPSS score ?
Summary
In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08241940; Issue ID: ALPS08241940.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:32:45.099Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT2713, MT6580, MT6739, MT6761, MT6762, MT6765, MT6779, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8175, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08241940; Issue ID: ALPS08241940.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-04T03:45:41.985Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32847", datePublished: "2023-12-04T03:45:41.985Z", dateReserved: "2023-05-16T03:04:32.155Z", dateUpdated: "2024-08-02T15:32:45.099Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0894
Vulnerability from cvelistv5
Published
2021-12-17 16:10
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672038.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/December-2021 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797 |
Version: Android 10.0, 11.0, 12.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.254Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", vendor: "n/a", versions: [ { status: "affected", version: "Android 10.0, 11.0, 12.0", }, ], }, ], descriptions: [ { lang: "en", value: "In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672038.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-17T16:10:09", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0894", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", version: { version_data: [ { version_value: "Android 10.0, 11.0, 12.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672038.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/December-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0894", datePublished: "2021-12-17T16:10:09", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.254Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0675
Vulnerability from cvelistv5
Published
2021-12-15 18:05
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In alac decoder, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064258.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/December-2021 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.238Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6570, MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8176, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797", vendor: "n/a", versions: [ { status: "affected", version: "Android 8.1, 9.0, 10.0, 11.0", }, ], }, ], descriptions: [ { lang: "en", value: "In alac decoder, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064258.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-17T16:10:03", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0675", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT6570, MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8176, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797", version: { version_data: [ { version_value: "Android 8.1, 9.0, 10.0, 11.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In alac decoder, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064258.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/December-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/December-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0675", datePublished: "2021-12-15T18:05:52", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.238Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0659
Vulnerability from cvelistv5
Published
2021-11-18 14:57
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05687559; Issue ID: ALPS05687559.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/November-2021 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797 |
Version: Android 10.0, 11.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.246Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", vendor: "n/a", versions: [ { status: "affected", version: "Android 10.0, 11.0", }, ], }, ], descriptions: [ { lang: "en", value: "In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05687559; Issue ID: ALPS05687559.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-18T14:57:44", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0659", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797", version: { version_data: [ { version_value: "Android 10.0, 11.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05687559; Issue ID: ALPS05687559.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/November-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0659", datePublished: "2021-11-18T14:57:44", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.246Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32883
Vulnerability from cvelistv5
Published
2024-01-02 02:49
Modified
2024-08-02 15:32
Severity ?
EPSS score ?
Summary
In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08282249; Issue ID: ALPS08282249.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:32:46.477Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/January-2024", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT2713, MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08282249; Issue ID: ALPS08282249.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-02T02:49:54.424Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/January-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32883", datePublished: "2024-01-02T02:49:54.424Z", dateReserved: "2023-05-16T03:04:32.173Z", dateUpdated: "2024-08-02T15:32:46.477Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20732
Vulnerability from cvelistv5
Published
2023-06-06 12:11
Modified
2025-01-08 14:57
Severity ?
EPSS score ?
Summary
In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573480; Issue ID: ALPS07573480.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.943Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20732", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-08T14:57:11.638473Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-08T14:57:15.575Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT7663, MT7668, MT7902, MT7921, MT8167, MT8167S, MT8173, MT8175, MT8195, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8666, MT8695, MT8781, MT8788", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0 / Yocto 3.1,3.3,4.0", }, ], }, ], descriptions: [ { lang: "en", value: "In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573480; Issue ID: ALPS07573480.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-06T12:11:15.218Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20732", datePublished: "2023-06-06T12:11:15.218Z", dateReserved: "2022-10-28T02:03:10.767Z", dateUpdated: "2025-01-08T14:57:15.575Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0623
Vulnerability from cvelistv5
Published
2021-11-18 14:55
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In asf extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05585817.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/November-2021 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.200Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT5522, MT5527, MT5597, MT5598, MT5599, MT6580, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8186, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797, MT9256, MT9285, MT9286, MT9288, MT9629, MT9631, MT9632, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9670, MT9675, MT9685, MT9686, MT9688, MT9931, MT9950, MT9970, MT9980, MT9981", vendor: "n/a", versions: [ { status: "affected", version: "Android 10.0, 11.0", }, ], }, ], descriptions: [ { lang: "en", value: "In asf extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05585817.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-18T14:55:44", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0623", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT5522, MT5527, MT5597, MT5598, MT5599, MT6580, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8186, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797, MT9256, MT9285, MT9286, MT9288, MT9629, MT9631, MT9632, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9670, MT9675, MT9685, MT9686, MT9688, MT9931, MT9950, MT9970, MT9980, MT9981", version: { version_data: [ { version_value: "Android 10.0, 11.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In asf extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05585817.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/November-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0623", datePublished: "2021-11-18T14:55:44", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.200Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20768
Vulnerability from cvelistv5
Published
2023-07-04 01:44
Modified
2024-12-04 21:41
Severity ?
EPSS score ?
Summary
In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560720; Issue ID: ALPS07559800.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.970Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/July-2023", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20768", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-04T19:09:15.252941Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-04T21:41:05.844Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6580, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8195, MT8321, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8791T, MT8797", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 11.0, 12.0", }, ], }, ], descriptions: [ { lang: "en", value: "In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560720; Issue ID: ALPS07559800.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-04T01:44:31.226Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/July-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20768", datePublished: "2023-07-04T01:44:31.226Z", dateReserved: "2022-10-28T02:03:10.774Z", dateUpdated: "2024-12-04T21:41:05.844Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20037
Vulnerability from cvelistv5
Published
2024-03-04 02:43
Modified
2024-08-22 18:31
Severity ?
EPSS score ?
Summary
In pq, there is a possible write-what-where condition due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495937; Issue ID: ALPS08495937.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T21:52:31.647Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/March-2024", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6739", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6761", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6765", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6768", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6779", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6781", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6785", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6789", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6833", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6835", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6853", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6855", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6873", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6877", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6879", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6883", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6885", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6886", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6889", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6893", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6895", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6897", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6983", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6985", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6989", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8168", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8673", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8675", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "12.0", }, { status: "affected", version: "13.0", }, { status: "affected", version: "14.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20037", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-03-05T15:43:55.415909Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-754", description: "CWE-754 Improper Check for Unusual or Exceptional Conditions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-22T18:31:07.508Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6983, MT6985, MT6989, MT8168, MT8188, MT8195, MT8673, MT8675", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0, 14.0", }, ], }, ], descriptions: [ { lang: "en", value: "In pq, there is a possible write-what-where condition due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495937; Issue ID: ALPS08495937.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-04T02:43:53.317Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/March-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20037", datePublished: "2024-03-04T02:43:53.317Z", dateReserved: "2023-11-02T13:35:35.153Z", dateUpdated: "2024-08-22T18:31:07.508Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20745
Vulnerability from cvelistv5
Published
2023-06-06 12:11
Modified
2025-01-07 19:24
Severity ?
EPSS score ?
Summary
In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07560694.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT6789, MT6855, MT8185, MT8195, MT8365, MT8395, MT8781, MT8786, MT8789, MT8791, MT8797 |
Version: Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.932Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20745", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-07T19:24:40.508896Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-667", description: "CWE-667 Improper Locking", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-07T19:24:44.788Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6789, MT6855, MT8185, MT8195, MT8365, MT8395, MT8781, MT8786, MT8789, MT8791, MT8797", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2", }, ], }, ], descriptions: [ { lang: "en", value: "In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07560694.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-06T12:11:41.174Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/June-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20745", datePublished: "2023-06-06T12:11:41.174Z", dateReserved: "2022-10-28T02:03:10.769Z", dateUpdated: "2025-01-07T19:24:44.788Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32862
Vulnerability from cvelistv5
Published
2023-12-04 03:46
Modified
2024-08-02 15:32
Severity ?
EPSS score ?
Summary
In display, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388762; Issue ID: ALPS07388762.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:32:46.441Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8168, MT8188, MT8195, MT8781", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In display, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388762; Issue ID: ALPS07388762.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-04T03:46:12.396Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/December-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-32862", datePublished: "2023-12-04T03:46:12.396Z", dateReserved: "2023-05-16T03:04:32.161Z", dateUpdated: "2024-08-02T15:32:46.441Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20821
Vulnerability from cvelistv5
Published
2023-09-04 02:27
Modified
2024-10-10 17:06
Severity ?
EPSS score ?
Summary
In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937113; Issue ID: ALPS07937113.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT2713, MT2735, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797 |
Version: Android 11.0, 12.0, 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:41.174Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt2713", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt2735", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6833", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6835", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6853", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6855", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6873", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6875", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6877", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6879", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6880", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6883", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6885", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6886", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6889", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6890", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6891", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6893", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6895", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6980", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6983", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6985", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6990", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8167", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8167s", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8168", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8173", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8175", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8185", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8188", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8321", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8362a", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8365", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8385", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8395", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8666", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8673", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8675", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8765", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8766", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8768", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8781", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8786", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8788", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8789", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8791", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8791t", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8797", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "12.0", }, { status: "affected", version: "13.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-20821", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-10T17:04:56.340129Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-10T17:06:16.142Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2713, MT2735, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 11.0, 12.0, 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3", }, ], }, ], descriptions: [ { lang: "en", value: "In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937113; Issue ID: ALPS07937113.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:27:17.577Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20821", datePublished: "2023-09-04T02:27:17.577Z", dateReserved: "2022-10-28T02:03:23.673Z", dateUpdated: "2024-10-10T17:06:16.142Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20825
Vulnerability from cvelistv5
Published
2023-09-04 02:27
Modified
2024-10-10 15:38
Severity ?
EPSS score ?
Summary
In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951413.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:40.973Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20825", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-10T15:38:03.399534Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-10T15:38:20.423Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT2713, MT6580, MT6735, MT6739, MT6761, MT6762, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8168, MT8175, MT8188, MT8195, MT8321, MT8365, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8791T, MT8797", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951413.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-04T02:27:23.998Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/September-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20825", datePublished: "2023-09-04T02:27:23.998Z", dateReserved: "2022-10-28T02:03:23.682Z", dateUpdated: "2024-10-10T15:38:20.423Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20138
Vulnerability from cvelistv5
Published
2024-12-02 03:07
Modified
2024-12-02 15:47
Severity ?
EPSS score ?
Summary
In wlan driver, there is a possible out of bound read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998291; Issue ID: MSV-1604.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MT3605, MT6985, MT6989, MT6990, MT7925, MT7927, MT8195, MT8370, MT8390 |
Version: Android 13.0, 14.0, 15.0 / SDK release 3.3 and before |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:h:mediatek:mt3605:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt3605", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6985", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6989", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt6990", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt7925:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt7925", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt7927:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt7927", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8195", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8370", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mt8390", vendor: "mediatek", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-20138", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-02T15:47:39.336493Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-02T15:47:42.348Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT3605, MT6985, MT6989, MT6990, MT7925, MT7927, MT8195, MT8370, MT8390", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 13.0, 14.0, 15.0 / SDK release 3.3 and before", }, ], }, ], descriptions: [ { lang: "en", value: "In wlan driver, there is a possible out of bound read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998291; Issue ID: MSV-1604.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-02T03:07:15.445Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/December-2024", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2024-20138", datePublished: "2024-12-02T03:07:15.445Z", dateReserved: "2023-11-02T13:35:35.183Z", dateUpdated: "2024-12-02T15:47:42.348Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0665
Vulnerability from cvelistv5
Published
2021-11-18 14:58
Modified
2024-08-03 15:47
Severity ?
EPSS score ?
Summary
In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672113; Issue ID: ALPS05672113.
References
| ▼ | URL | Tags |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/November-2021 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9686, MT9970, MT9980, MT9981 |
Version: Android 10.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:47:28.229Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9686, MT9970, MT9980, MT9981", vendor: "n/a", versions: [ { status: "affected", version: "Android 10.0", }, ], }, ], descriptions: [ { lang: "en", value: "In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672113; Issue ID: ALPS05672113.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-18T14:58:04", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@android.com", ID: "CVE-2021-0665", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797, MT9636, MT9638, MT9639, MT9650, MT9652, MT9669, MT9686, MT9970, MT9980, MT9981", version: { version_data: [ { version_value: "Android 10.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672113; Issue ID: ALPS05672113.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://corp.mediatek.com/product-security-bulletin/November-2021", refsource: "MISC", url: "https://corp.mediatek.com/product-security-bulletin/November-2021", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2021-0665", datePublished: "2021-11-18T14:58:04", dateReserved: "2020-11-06T00:00:00", dateUpdated: "2024-08-03T15:47:28.229Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }