114 matches found
CVE-2022-32589
The CVE-2022-32589 entry concerns a denial-of-service issue in the Wi‑Fi driver related to improper resource release in MediaTek-based implementations. Affected component is the Wi‑Fi driver; root cause is improper resource handling leading to a remote DoS without requiring privileges or user int...
CVE-2023-20712
CVE-2023-20712 affects MediaTek WLAN code (wlan module) and is due to a missing bounds check, enabling an out-of-bounds write that can yield local privilege escalation to System level. Exploit requires LOCAL access with HIGH privileges and no user interaction. Patch: ALPS07796914 (Issue ALPS07796...
CVE-2023-20715
CVE-2023-20715 affects the wlan component in MediaTek-based devices. The issue is an out-of-bounds write caused by a missing bounds check, enabling local escalation of privileges with SYSTEM execution rights required. Exploitation reportedly does not require user interaction. The vulnerability’s ...
CVE-2023-20730
CVE-2023-20730 concerns the MediaTek WLAN module, where a missing bounds check enables a possible out-of-bounds read. The result is local information disclosure, with system execution privileges required for exploitation and no user interaction needed. Publicly documented patch: ALPS07573552 (Iss...
CVE-2023-32810
The CVE-2023-32810 entry applies to the Bluetooth driver in MediaTek devices. The vulnerability is an out-of-bounds read caused by improper input validation in the Bluetooth driver, which can lead to local information leakage and potentially System-level execution privileges. Exploitation is desc...
CVE-2022-32592
The CVE-2022-32592 entry concerns MediaTek chipsets with a flaw in the cpu dvfs subsystem, where a missing bounds check enables an out-of-bounds write. This can allow local privilege escalation to SYSTEM with no user interaction required. The only remediation information present is Patch ID ALPS0...
CVE-2023-20801
In imgsys, a race condition leads to a use-after-free vulnerability that could allow local escalation of privileges with System execution privileges required. Exploitation does not require user interaction, per the CVE descriptions. Patch ALPS07420968 addresses this issue. There are no public exp...
CVE-2023-20805
The CVE-2023-20805 entry concerns the imgsys component. A missing bounds check leads to an out-of-bounds write, enabling local escalation of privileges with System execution privileges required. Exploitation reportedly does not require user interaction. A patch is available (Patch ID: ALPS0719977...
CVE-2024-20052
In flashc (MediaTek chip/software context), an uncaught exception can cause information disclosure, potentially enabling local information exposure with System privileges. Exploitation requires local access; no user interaction is needed. A patch is referenced (ALPS08541757 / ALPS08541761). No ot...
CVE-2023-20840
CVE-2023-20840 affects imgsys with a possible out-of-bounds read/write caused by missing valid-range checks. Exploitation requires user interaction and can grant local escalation of privilege with system execution privileges. A patch is referenced: ALPS07326430 (Issue ALPS07326430). No additional...
CVE-2023-20845
CVE-2023-20845 affects imgsys. The vulnerability is an out-of-bounds read caused by missing valid range checking, leading to local information disclosure with system execution privileges required and user interaction for exploitation. Patch ID ALPS07197795 / Issue ID ALPS07340357 is associated wi...
CVE-2023-20847
CVE-2023-20847 affects MediaTek chips, specifically the imgsys_cmdq component, where a missing valid range check can cause an out-of-bounds read. This vulnerability can lead to local denial of service with SYSTEM privileges required, and exploitation requires user interaction. The known remedy in...
CVE-2023-32806
CVE-2023-32806 affects the MediaTek WLAN driver and involves an out-of-bounds write caused by improper input validation. The issue can lead to local escalation of privileges with SYSTEM-level execution, requiring no user interaction. The vulnerability is described with a patch reference (ALPS0744...
CVE-2024-20080
The CVE-2024-20080 entry affects the gnss service, caused by improper certificate validation. This can enable remote escalation of privilege without additional privileges, with no user interaction required. The vulnerability is rated critical (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and i...
CVE-2023-20746
The CVE-2023-20746 entry details a vulnerability in the vcu component of MediaTek chips. Root cause: an out-of-bounds write caused by improper locking. Impact: local escalation of privilege to SYSTEM level with no user interaction required. Affected scope is limited to the vcu module; exploitatio...
CVE-2023-32829
CVE-2023-32829 affects the apusys component: a possible out-of-bounds write caused by an integer overflow. This can lead to local escalation of privilege with System execution privileges required, and no user interaction is needed for exploitation. A patch is available: ALPS07713478 (Issue ALPS07...
CVE-2024-20085
CVE-2024-20085 concerns MediaTek Power component vulnerability: a missing bounds check in the power handling can trigger an out-of-bounds read, enabling local information disclosure and potentially system-level execution privileges. Affected: MediaTek chips (power domain); root cause: out-of-boun...
CVE-2024-20107
CVE-2024-20107 affects MediaTek MT8676 Da component (MediaTek chipsets). It describes an out-of-bounds read due to a missing bounds check, causing local information disclosure without privileges or user interaction. Patch ALPS09124360/Issue MSV-1823 is referenced in multiple sources (NVD/Red Hat)...
CVE-2023-20728
CVE-2023-20728 affects the MediaTek wlan module. Root cause: a missing bounds check leads to an out-of-bounds read. Impact: local information disclosure with system execution privileges required; exploitation does not require user interaction. A patch is available (Patch ID: ALPS07573603; Issue I...
CVE-2023-20732
CVE-2023-20732 concerns a vulnerability in the MediaTek wlan module where a missing bounds check can cause an out-of-bounds read. The issue could enable local information disclosure with system-execution privileges required; user interaction is not needed. Affected component is the wlan implement...
CVE-2023-20796
The CVE-2023-20796 vulnerability affects MediaTek devices in the power module. It is a memory corruption issue caused by an incorrect bounds check, leading to local denial of service with system execution privileges required; no user interaction is needed. A patch is available (ALPS07929790). Exp...
CVE-2023-20716
CVE-2023-20716 concerns the wlan component in MediaTek chips, where an out-of-bounds write occurs due to a missing bounds check in the WLAN driver. This can lead to local escalation of privileges with System execution rights, and no user interaction is required. Reported patch: ALPS07796883 (Issu...
CVE-2023-20736
CVE-2023-20736 affects the vcu component. The vulnerability is an out-of-bounds write caused by a race condition, enabling local escalation of privilege with System execution privileges required and no user interaction. A patch is referenced: ALPS07645149 (Issue ALPS07645189). Exploitation detail...
CVE-2023-20790
The CVE-2023-20790 entry maps to MediaTek devices with an nvram module vulnerability caused by a missing bounds check, leading to an out-of-bounds write. This can result in local information disclosure and, per the description, requires system execution privileges with no user interaction. Public...
CVE-2024-20152
CVE-2024-20152 affects the WLAN STA driver and describes a reachable assertion caused by improper exception handling. The vulnerability permits local denial of service when a user with System privileges can trigger the condition, with no user interaction required. Reported patches include WCNCR00...
CVE-2024-20153
CVE-2024-20153 affects the WLAN STA module (MediaTek ecosystem) and describes a vulnerability where an attacker could coax a client to attach to an AP using a spoofed SSID, potentially causing remote information disclosure without extra privileges. Exploitation is stated as not requiring user int...
CVE-2023-20731
CVE-2023-20731 affects the MediaTek WLAN component. The root cause is a missing bounds check that enables an out-of-bounds read, leading to local information disclosure with System execution privileges required. User interaction is not needed. Patch ID ALPS07573495 (Issue ALPS07573495) is listed ...
CVE-2023-20745
The CVE-2023-20745 entry relates to the vcu module in MediaTek chips, where an out-of-bounds write can occur due to improper locking. This could enable local escalation of privilege to SYSTEM with no user interaction required. Available references consistently describe the issue as a local-privil...
CVE-2023-20800
CVE-2023-20800 affects MediaTek imgsys. The vulnerability is a missing pointer check in the imgsys component that can cause a system crash and enable local escalation of privilege with system execution privileges required. Exploitation requires user interaction. A patch exists (Patch ID: ALPS0742...
CVE-2025-20651
CVE-2025-20651 describes a potential out-of-bounds read caused by a missing bounds check in the affected component (described only as part of an unspecified implementation) that could lead to local information disclosure. Exploitation requires physical access to the device and user interaction; t...
CVE-2022-32666
Technical details (affected products, versions, root cause, and fixes) are not publicly provided in the connected documents; monitor for updates from vendor advisories and CVE records.
CVE-2023-20733
CVE-2023-20733 affects the vcu component in MediaTek chips. The vulnerability is a use-after-free caused by improper locking, enabling local escalation of privilege with System execution privileges required. Exploitation details are not provided in the supplied documents. Patch ID ALPS07645149 (I...
CVE-2023-20835
CVE-2023-20835 affects the camsys component and is described as a use-after-free introduced by a race condition, enabling local privilege escalation with System privileges required and no user interaction. Multiple connected records corroborate the issue, its local-exploitability, and the listed ...
CVE-2023-32815
The CVE-2023-32815 issue affects the gnss service and is caused by improper input validation that can trigger an out-of-bounds read, potentially enabling local information disclosure with System execution privileges required. No user interaction is needed for exploitation. A patch is referenced (...
CVE-2023-20738
CVE-2023-20738 affects the vcu component in MediaTek chips, caused by a missing bounds check that permits an out-of-bounds write. The vulnerability can lead to local escalation of privilege with SYSTEM-level execution, and exploitation does not require user interaction. Public references consiste...
CVE-2023-20804
In imgsys, there is a reported out-of-bounds write due to a missing bounds check, leading to local escalation of privilege with System execution privileges required and no user interaction. The entry lists Patch ID ALPS07199773 and Issue ID ALPS07326384 as remediation details. Exploitation status...
CVE-2023-20735
CVE-2023-20735 concerns the vcu component in MediaTek chips, where a missing bounds check can cause an out-of-bounds write. The under-lying flaw is a lack of boundary verification in vcu, potentially enabling local escalation of privilege with System-level execution privileges required. Exploitat...
CVE-2023-20744
The CVE-2023-20744 vulnerability affects the vcu module in MediaTek chips. It is described as a use-after-free caused by a logic error, enabling local escalation of privilege with System execution privileges required and no user interaction needed. Connected documents corroborate a fault in vcu w...
CVE-2024-20099
CVE-2024-20099: A power-module out-of-bounds write due to a missing bounds check enables local escalation to SYSTEM privileges with no user interaction. A patch is referenced (ALPS08997492; MSV-1625). Affected component is described as the power subsystem; exact product/version details are not sp...
CVE-2023-20727
CVE-2023-20727 affects the wlan component in MediaTek chips, with an out-of-bounds read caused by a missing bounds check. According to the records, this may lead to local information disclosure and potentially system-level execution privileges, with no user interaction required. Exploitation deta...
CVE-2023-32813
The CVE-2023-32813 issue affects the gnss service and involves an out-of-bounds write caused by improper input validation. This could lead to local information disclosure with system privileges required; no user interaction is needed. A patch is identified as ALPS08017370 (Issue ALPS08017370) and...
CVE-2024-20089
CVE-2024-20089 affects MediaTek wlan in various MediaTek chipsets. The vulnerability stems from incorrect error handling in the wlan component, enabling a remote denial of service without user interaction. The issue is classified with a HIGH impact (Availability) and NETWORK attack vector, with n...
CVE-2023-32807
The CVE-2023-32807 issue affects the wlan service in MediaTek-based devices, caused by an improper input validation that leads to an out-of-bounds read. This could allow local information disclosure and requires system privileges, with no user interaction needed. The vulnerability details are sup...
CVE-2024-20084
CVE-2024-20084 affects MediaTek power components. The vulnerability is an out-of-bounds read caused by a missing bounds check, potentially enabling local information disclosure with System execution privileges required; exploitation is not user-initiated. Patch ALPS08944210 is noted (Issue MSV-15...
CVE-2023-20737
The CVE-2023-20737 issue concerns the vcu component in MediaTek devices, where an improper locking leads to a use-after-free condition. This vulnerability can enable local escalation of privileges to SYSTEM with no user interaction required. Affected behavior is described as a local exploit path,...
CVE-2023-20831
The CVE-2023-20831 issue affects the gps component and is described as an out-of-bounds write caused by a missing bounds check. The underlying effect is local escalation of privilege with SYSTEM execution privileges required, and exploitation does not require user interaction. The available docum...
CVE-2023-32811
CVE-2023-32811 affects the connectivity system driver. The root cause is an out-of-bounds write due to improper input validation, enabling local escalation to SYSTEM with no user interaction. Exploitation status is not fully detailed in the provided documents, but a patch (Patch ID: ALPS07929848;...
CVE-2024-20098
The CVE-2024-20098 issue concerns Power module boundary checks: a possible out-of-bounds write may enable local escalation of privilege with System execution privileges required, and no user interaction is needed. Multiple connected sources (NVD, Red Hat, OSV, CVE lists, PT Security, CNNVD) corro...
CVE-2023-20803
Summary: CVE-2023-20803 affects the imgsys component of MediaTek microprogram software, where memory corruption can occur due to improper input validation. This leads to local privilege escalation with system execution privileges required and user interaction needed for exploitation. Technical de...
CVE-2023-20693
Summary (CVE-2023-20693) In MediaTek wlan firmware, an uncaught exception can cause a system crash, leading to a remote denial of service without user interaction. The NVD entry lists a network exploit vector with no privileges required and no user interaction, and a high impact to availability. ...