Lucene search

MediaTekCVE-2023-32829

HistoryOct 02, 2023 - 3:15 a.m.

CVE-2023-32829

2023-10-0203:15:10

CWE-190

MediaTek

web.nvd.nist.gov

apusys

out of bounds write

integer overflow

local escalation

privilege escalation

nvd

cve-2023-32829

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.6%

JSON

In apusys, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07713478; Issue ID: ALPS07713478.

Affected configurations

Nvd

Vulners

Node

linuxfoundationyoctoMatch3.1

linuxfoundationyoctoMatch3.3

linuxfoundationyoctoMatch4.0

mediatekiot_yoctoMatch23.0

googleandroidMatch12.0

googleandroidMatch13.0

AND

mediatekmt6879Match-

mediatekmt6886Match-

mediatekmt6891Match-

mediatekmt6895Match-

mediatekmt6896Match-

mediatekmt6983Match-

mediatekmt6985Match-

mediatekmt8137Match-

mediatekmt8139Match-

mediatekmt8188Match-

mediatekmt8195Match-

mediatekmt8195zMatch-

mediatekmt8390Match-

mediatekmt8395Match-

VendorProductVersionCPE
linuxfoundationyocto3.1cpe:2.3:a:linuxfoundation:yocto:3.1:*:*:*:*:*:*:*
linuxfoundationyocto3.3cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*
linuxfoundationyocto4.0cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*
mediatekiot_yocto23.0cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*
googleandroid12.0cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
googleandroid13.0cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
mediatekmt6879-cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*
mediatekmt6886-cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*
mediatekmt6891-cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*
mediatekmt6895-cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linuxfoundation	yocto	3.1	cpe:2.3:a:linuxfoundation:yocto:3.1:::::::*
linuxfoundation	yocto	3.3	cpe:2.3:a:linuxfoundation:yocto:3.3:::::::*
linuxfoundation	yocto	4.0	cpe:2.3:a:linuxfoundation:yocto:4.0:::::::*
mediatek	iot_yocto	23.0	cpe:2.3:a:mediatek:iot_yocto:23.0:::::::*
google	android	12.0	cpe:2.3:o:google:android:12.0:::::::*
google	android	13.0	cpe:2.3:o:google:android:13.0:::::::*
mediatek	mt6879	-	cpe:2.3:h:mediatek:mt6879:-:::::::*
mediatek	mt6886	-	cpe:2.3:h:mediatek:mt6886:-:::::::*
mediatek	mt6891	-	cpe:2.3:h:mediatek:mt6891:-:::::::*
mediatek	mt6895	-	cpe:2.3:h:mediatek:mt6895:-:::::::*

Rows per page:

1-10 of 201

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT6879, MT6886, MT6891, MT6895, MT6896, MT6983, MT6985, MT8137, MT8139, MT8188, MT8195, MT8195Z, MT8390, MT8395",
    "versions": [
      {
        "version": "Android 12.0, 13.0 / Yocto 3.1, 3.3, 4.0 / IOT-v23.0",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/October-2023

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.6%

JSON

Related for CVE-2023-32829