15 matches found
CVE-2023-20734
CVE-2023-20734 affects the vcu module in MediaTek chips. The issue is described as an out-of-bounds write due to a missing bounds check, potentially enabling local escalation of privilege with SYSTEM privileges and no user interaction required. A patch is available (ALPS07645149; ALPS07645184). C...
CVE-2023-20747
The CVE-2023-20747 issue affects the vcu module in MediaTek chips. Root cause is memory corruption due to type confusion, leading to local denial of service with system execution privileges. Exploitation details are not provided; user interaction is not required. A patch identified as ALPS0751910...
CVE-2023-20743
The CVE-2023-20743 issue affects the vcu module in MediaTek chips. It stems from improper locking that enables an out-of-bounds write, potentially allowing local escalation of privilege to SYSTEM level without user interaction. The vulnerability impact is described as high for confidentiality, in...
CVE-2023-20715
CVE-2023-20715 affects the wlan component in MediaTek-based devices. The issue is an out-of-bounds write caused by a missing bounds check, enabling local escalation of privileges with SYSTEM execution rights required. Exploitation reportedly does not require user interaction. The vulnerability’s ...
CVE-2023-20740
The CVE-2023-20740 issue affects the vcu component in certain MediaTek-based devices, caused by a logic error that can trigger memory corruption. This can lead to local escalation of privilege with SYSTEM privileges and does not require user interaction. A patch (ALPS07559819) is referenced as a ...
CVE-2023-20712
CVE-2023-20712 affects MediaTek WLAN code (wlan module) and is due to a missing bounds check, enabling an out-of-bounds write that can yield local privilege escalation to System level. Exploit requires LOCAL access with HIGH privileges and no user interaction. Patch: ALPS07796914 (Issue ALPS07796...
CVE-2023-20746
The CVE-2023-20746 entry details a vulnerability in the vcu component of MediaTek chips. Root cause: an out-of-bounds write caused by improper locking. Impact: local escalation of privilege to SYSTEM level with no user interaction required. Affected scope is limited to the vcu module; exploitatio...
CVE-2023-20716
CVE-2023-20716 concerns the wlan component in MediaTek chips, where an out-of-bounds write occurs due to a missing bounds check in the WLAN driver. This can lead to local escalation of privileges with System execution rights, and no user interaction is required. Reported patch: ALPS07796883 (Issu...
CVE-2023-20736
CVE-2023-20736 affects the vcu component. The vulnerability is an out-of-bounds write caused by a race condition, enabling local escalation of privilege with System execution privileges required and no user interaction. A patch is referenced: ALPS07645149 (Issue ALPS07645189). Exploitation detail...
CVE-2023-20745
The CVE-2023-20745 entry relates to the vcu module in MediaTek chips, where an out-of-bounds write can occur due to improper locking. This could enable local escalation of privilege to SYSTEM with no user interaction required. Available references consistently describe the issue as a local-privil...
CVE-2023-20738
CVE-2023-20738 affects the vcu component in MediaTek chips, caused by a missing bounds check that permits an out-of-bounds write. The vulnerability can lead to local escalation of privilege with SYSTEM-level execution, and exploitation does not require user interaction. Public references consiste...
CVE-2023-20733
CVE-2023-20733 affects the vcu component in MediaTek chips. The vulnerability is a use-after-free caused by improper locking, enabling local escalation of privilege with System execution privileges required. Exploitation details are not provided in the supplied documents. Patch ID ALPS07645149 (I...
CVE-2023-20744
The CVE-2023-20744 vulnerability affects the vcu module in MediaTek chips. It is described as a use-after-free caused by a logic error, enabling local escalation of privilege with System execution privileges required and no user interaction needed. Connected documents corroborate a fault in vcu w...
CVE-2023-20735
CVE-2023-20735 concerns the vcu component in MediaTek chips, where a missing bounds check can cause an out-of-bounds write. The under-lying flaw is a lack of boundary verification in vcu, potentially enabling local escalation of privilege with System-level execution privileges required. Exploitat...
CVE-2023-20737
The CVE-2023-20737 issue concerns the vcu component in MediaTek devices, where an improper locking leads to a use-after-free condition. This vulnerability can enable local escalation of privileges to SYSTEM with no user interaction required. Affected behavior is described as a local exploit path,...