CVE-2023-32840

2023-11-0603:50:57

MediaTek

www.cve.org

modem ccci

bounds check

privilege escalation

patch id

issue id

user interaction

cve-2023-32840

0.0004 Low

EPSS

Percentile

5.1%

JSON

In modem CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction may be also needed for exploitation Patch ID: MOLY01138425; Issue ID: MOLY01138425 (MSV-862).

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT2731, MT2735, MT6731, MT6739, MT6761, MT6762, MT6763, MT6765, MT6767, MT6768, MT6769, MT6769T, MT6769Z, MT6771, MT6771T, MT6813, MT6833, MT6833P, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6877T, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6980, MT6980D, MT6983T, MT6983W, MT6983Z, MT6985, MT6985T, MT6989, MT6990, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798",
    "versions": [
      {
        "version": "Modem LR12A, NR15, NR16, VMOLYN, NR17",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/November-2023

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2023-32840