Lucene search
+L
LinuxfoundationYocto

114 matches found

CVE
CVE
added 2022/10/07 12:0 a.m.69 views

CVE-2022-32589

The CVE-2022-32589 entry concerns a denial-of-service issue in the Wi‑Fi driver related to improper resource release in MediaTek-based implementations. Affected component is the Wi‑Fi driver; root cause is improper resource handling leading to a remote DoS without requiring privileges or user int...

7.5CVSS7.3AI score0.00616EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.69 views

CVE-2023-20712

CVE-2023-20712 affects MediaTek WLAN code (wlan module) and is due to a missing bounds check, enabling an out-of-bounds write that can yield local privilege escalation to System level. Exploit requires LOCAL access with HIGH privileges and no user interaction. Patch: ALPS07796914 (Issue ALPS07796...

6.7CVSS6.7AI score0.00093EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.69 views

CVE-2023-20715

CVE-2023-20715 affects the wlan component in MediaTek-based devices. The issue is an out-of-bounds write caused by a missing bounds check, enabling local escalation of privileges with SYSTEM execution rights required. Exploitation reportedly does not require user interaction. The vulnerability’s ...

6.7CVSS6.7AI score0.00093EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.69 views

CVE-2023-20730

CVE-2023-20730 concerns the MediaTek WLAN module, where a missing bounds check enables a possible out-of-bounds read. The result is local information disclosure, with system execution privileges required for exploitation and no user interaction needed. Publicly documented patch: ALPS07573552 (Iss...

4.4CVSS4.2AI score0.00093EPSS
CVE
CVE
added 2023/09/04 2:28 a.m.69 views

CVE-2023-32810

The CVE-2023-32810 entry applies to the Bluetooth driver in MediaTek devices. The vulnerability is an out-of-bounds read caused by improper input validation in the Bluetooth driver, which can lead to local information leakage and potentially System-level execution privileges. Exploitation is desc...

4.4CVSS4.4AI score0.00094EPSS
CVE
CVE
added 2022/10/07 12:0 a.m.68 views

CVE-2022-32592

The CVE-2022-32592 entry concerns MediaTek chipsets with a flaw in the cpu dvfs subsystem, where a missing bounds check enables an out-of-bounds write. This can allow local privilege escalation to SYSTEM with no user interaction required. The only remediation information present is Patch ID ALPS0...

6.7CVSS6.7AI score0.00125EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.68 views

CVE-2023-20801

In imgsys, a race condition leads to a use-after-free vulnerability that could allow local escalation of privileges with System execution privileges required. Exploitation does not require user interaction, per the CVE descriptions. Patch ALPS07420968 addresses this issue. There are no public exp...

6.4CVSS6.6AI score0.00065EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.68 views

CVE-2023-20805

The CVE-2023-20805 entry concerns the imgsys component. A missing bounds check leads to an out-of-bounds write, enabling local escalation of privileges with System execution privileges required. Exploitation reportedly does not require user interaction. A patch is available (Patch ID: ALPS0719977...

6.7CVSS6.7AI score0.00089EPSS
CVE
CVE
added 2024/04/01 2:35 a.m.68 views

CVE-2024-20052

In flashc (MediaTek chip/software context), an uncaught exception can cause information disclosure, potentially enabling local information exposure with System privileges. Exploitation requires local access; no user interaction is needed. A patch is referenced (ALPS08541757 / ALPS08541761). No ot...

4.4CVSS6AI score0.00101EPSS
CVE
CVE
added 2023/09/04 2:27 a.m.67 views

CVE-2023-20840

CVE-2023-20840 affects imgsys with a possible out-of-bounds read/write caused by missing valid-range checks. Exploitation requires user interaction and can grant local escalation of privilege with system execution privileges. A patch is referenced: ALPS07326430 (Issue ALPS07326430). No additional...

6.5CVSS6.5AI score0.00094EPSS
CVE
CVE
added 2023/09/04 2:27 a.m.67 views

CVE-2023-20845

CVE-2023-20845 affects imgsys. The vulnerability is an out-of-bounds read caused by missing valid range checking, leading to local information disclosure with system execution privileges required and user interaction for exploitation. Patch ID ALPS07197795 / Issue ID ALPS07340357 is associated wi...

4.2CVSS4AI score0.00091EPSS
CVE
CVE
added 2023/09/04 2:28 a.m.67 views

CVE-2023-20847

CVE-2023-20847 affects MediaTek chips, specifically the imgsys_cmdq component, where a missing valid range check can cause an out-of-bounds read. This vulnerability can lead to local denial of service with SYSTEM privileges required, and exploitation requires user interaction. The known remedy in...

4.2CVSS4.4AI score0.00088EPSS
CVE
CVE
added 2023/09/04 2:28 a.m.67 views

CVE-2023-32806

CVE-2023-32806 affects the MediaTek WLAN driver and involves an out-of-bounds write caused by improper input validation. The issue can lead to local escalation of privileges with SYSTEM-level execution, requiring no user interaction. The vulnerability is described with a patch reference (ALPS0744...

6.7CVSS6.7AI score0.00091EPSS
CVE
CVE
added 2024/07/01 3:18 a.m.67 views

CVE-2024-20080

The CVE-2024-20080 entry affects the gnss service, caused by improper certificate validation. This can enable remote escalation of privilege without additional privileges, with no user interaction required. The vulnerability is rated critical (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and i...

9.8CVSS7.5AI score0.00285EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.66 views

CVE-2023-20746

The CVE-2023-20746 entry details a vulnerability in the vcu component of MediaTek chips. Root cause: an out-of-bounds write caused by improper locking. Impact: local escalation of privilege to SYSTEM level with no user interaction required. Affected scope is limited to the vcu module; exploitatio...

6.7CVSS6.7AI score0.00075EPSS
CVE
CVE
added 2023/10/02 2:5 a.m.66 views

CVE-2023-32829

CVE-2023-32829 affects the apusys component: a possible out-of-bounds write caused by an integer overflow. This can lead to local escalation of privilege with System execution privileges required, and no user interaction is needed for exploitation. A patch is available: ALPS07713478 (Issue ALPS07...

6.7CVSS6.7AI score0.00087EPSS
CVE
CVE
added 2024/09/02 2:7 a.m.65 views

CVE-2024-20085

CVE-2024-20085 concerns MediaTek Power component vulnerability: a missing bounds check in the power handling can trigger an out-of-bounds read, enabling local information disclosure and potentially system-level execution privileges. Affected: MediaTek chips (power domain); root cause: out-of-boun...

4.4CVSS6.2AI score0.00096EPSS
CVE
CVE
added 2024/11/04 1:48 a.m.65 views

CVE-2024-20107

CVE-2024-20107 affects MediaTek MT8676 Da component (MediaTek chipsets). It describes an out-of-bounds read due to a missing bounds check, causing local information disclosure without privileges or user interaction. Patch ALPS09124360/Issue MSV-1823 is referenced in multiple sources (NVD/Red Hat)...

6.2CVSS6.2AI score0.00103EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.64 views

CVE-2023-20728

CVE-2023-20728 affects the MediaTek wlan module. Root cause: a missing bounds check leads to an out-of-bounds read. Impact: local information disclosure with system execution privileges required; exploitation does not require user interaction. A patch is available (Patch ID: ALPS07573603; Issue I...

4.4CVSS4.2AI score0.00093EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.64 views

CVE-2023-20732

CVE-2023-20732 concerns a vulnerability in the MediaTek wlan module where a missing bounds check can cause an out-of-bounds read. The issue could enable local information disclosure with system-execution privileges required; user interaction is not needed. Affected component is the wlan implement...

6.7CVSS5.9AI score0.00095EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.64 views

CVE-2023-20796

The CVE-2023-20796 vulnerability affects MediaTek devices in the power module. It is a memory corruption issue caused by an incorrect bounds check, leading to local denial of service with system execution privileges required; no user interaction is needed. A patch is available (ALPS07929790). Exp...

4.4CVSS4.8AI score0.00084EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.63 views

CVE-2023-20716

CVE-2023-20716 concerns the wlan component in MediaTek chips, where an out-of-bounds write occurs due to a missing bounds check in the WLAN driver. This can lead to local escalation of privileges with System execution rights, and no user interaction is required. Reported patch: ALPS07796883 (Issu...

6.7CVSS6.7AI score0.00093EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.63 views

CVE-2023-20736

CVE-2023-20736 affects the vcu component. The vulnerability is an out-of-bounds write caused by a race condition, enabling local escalation of privilege with System execution privileges required and no user interaction. A patch is referenced: ALPS07645149 (Issue ALPS07645189). Exploitation detail...

6.4CVSS6.5AI score0.00067EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.62 views

CVE-2023-20790

The CVE-2023-20790 entry maps to MediaTek devices with an nvram module vulnerability caused by a missing bounds check, leading to an out-of-bounds write. This can result in local information disclosure and, per the description, requires system execution privileges with no user interaction. Public...

4.4CVSS4.4AI score0.00085EPSS
CVE
CVE
added 2025/01/06 3:17 a.m.62 views

CVE-2024-20152

CVE-2024-20152 affects the WLAN STA driver and describes a reachable assertion caused by improper exception handling. The vulnerability permits local denial of service when a user with System privileges can trigger the condition, with no user interaction required. Reported patches include WCNCR00...

4.4CVSS6.7AI score0.0009EPSS
CVE
CVE
added 2025/01/06 3:18 a.m.62 views

CVE-2024-20153

CVE-2024-20153 affects the WLAN STA module (MediaTek ecosystem) and describes a vulnerability where an attacker could coax a client to attach to an AP using a spoofed SSID, potentially causing remote information disclosure without extra privileges. Exploitation is stated as not requiring user int...

7.5CVSS6.8AI score0.00323EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.61 views

CVE-2023-20731

CVE-2023-20731 affects the MediaTek WLAN component. The root cause is a missing bounds check that enables an out-of-bounds read, leading to local information disclosure with System execution privileges required. User interaction is not needed. Patch ID ALPS07573495 (Issue ALPS07573495) is listed ...

4.4CVSS4.2AI score0.00093EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.61 views

CVE-2023-20745

The CVE-2023-20745 entry relates to the vcu module in MediaTek chips, where an out-of-bounds write can occur due to improper locking. This could enable local escalation of privilege to SYSTEM with no user interaction required. Available references consistently describe the issue as a local-privil...

6.7CVSS6.7AI score0.00075EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.61 views

CVE-2023-20800

CVE-2023-20800 affects MediaTek imgsys. The vulnerability is a missing pointer check in the imgsys component that can cause a system crash and enable local escalation of privilege with system execution privileges required. Exploitation requires user interaction. A patch exists (Patch ID: ALPS0742...

6.5CVSS6.6AI score0.00089EPSS
CVE
CVE
added 2025/03/03 2:25 a.m.61 views

CVE-2025-20651

CVE-2025-20651 describes a potential out-of-bounds read caused by a missing bounds check in the affected component (described only as part of an unspecified implementation) that could lead to local information disclosure. Exploitation requires physical access to the device and user interaction; t...

4.1CVSS6.4AI score0.00089EPSS
CVE
CVE
added 2023/07/04 1:44 a.m.60 views

CVE-2022-32666

Technical details (affected products, versions, root cause, and fixes) are not publicly provided in the connected documents; monitor for updates from vendor advisories and CVE records.

7.5CVSS7.4AI score0.0099EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.60 views

CVE-2023-20733

CVE-2023-20733 affects the vcu component in MediaTek chips. The vulnerability is a use-after-free caused by improper locking, enabling local escalation of privilege with System execution privileges required. Exploitation details are not provided in the supplied documents. Patch ID ALPS07645149 (I...

6.7CVSS6.7AI score0.00075EPSS
CVE
CVE
added 2023/09/04 2:27 a.m.60 views

CVE-2023-20835

CVE-2023-20835 affects the camsys component and is described as a use-after-free introduced by a race condition, enabling local privilege escalation with System privileges required and no user interaction. Multiple connected records corroborate the issue, its local-exploitability, and the listed ...

6.4CVSS6.6AI score0.00063EPSS
CVE
CVE
added 2023/09/04 2:28 a.m.60 views

CVE-2023-32815

The CVE-2023-32815 issue affects the gnss service and is caused by improper input validation that can trigger an out-of-bounds read, potentially enabling local information disclosure with System execution privileges required. No user interaction is needed for exploitation. A patch is referenced (...

4.4CVSS4.3AI score0.00089EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.59 views

CVE-2023-20738

CVE-2023-20738 affects the vcu component in MediaTek chips, caused by a missing bounds check that permits an out-of-bounds write. The vulnerability can lead to local escalation of privilege with SYSTEM-level execution, and exploitation does not require user interaction. Public references consiste...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.59 views

CVE-2023-20804

In imgsys, there is a reported out-of-bounds write due to a missing bounds check, leading to local escalation of privilege with System execution privileges required and no user interaction. The entry lists Patch ID ALPS07199773 and Issue ID ALPS07326384 as remediation details. Exploitation status...

6.7CVSS6.7AI score0.00089EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.58 views

CVE-2023-20735

CVE-2023-20735 concerns the vcu component in MediaTek chips, where a missing bounds check can cause an out-of-bounds write. The under-lying flaw is a lack of boundary verification in vcu, potentially enabling local escalation of privilege with System-level execution privileges required. Exploitat...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.57 views

CVE-2023-20744

The CVE-2023-20744 vulnerability affects the vcu module in MediaTek chips. It is described as a use-after-free caused by a logic error, enabling local escalation of privilege with System execution privileges required and no user interaction needed. Connected documents corroborate a fault in vcu w...

6.7CVSS6.7AI score0.00097EPSS
CVE
CVE
added 2024/10/07 2:35 a.m.57 views

CVE-2024-20099

CVE-2024-20099: A power-module out-of-bounds write due to a missing bounds check enables local escalation to SYSTEM privileges with no user interaction. A patch is referenced (ALPS08997492; MSV-1625). Affected component is described as the power subsystem; exact product/version details are not sp...

6.7CVSS7.2AI score0.00081EPSS
CVE
CVE
added 2023/06/06 8:2 a.m.56 views

CVE-2023-20727

CVE-2023-20727 affects the wlan component in MediaTek chips, with an out-of-bounds read caused by a missing bounds check. According to the records, this may lead to local information disclosure and potentially system-level execution privileges, with no user interaction required. Exploitation deta...

4.4CVSS4.2AI score0.00093EPSS
CVE
CVE
added 2023/09/04 2:28 a.m.56 views

CVE-2023-32813

The CVE-2023-32813 issue affects the gnss service and involves an out-of-bounds write caused by improper input validation. This could lead to local information disclosure with system privileges required; no user interaction is needed. A patch is identified as ALPS08017370 (Issue ALPS08017370) and...

4.4CVSS4.4AI score0.00089EPSS
CVE
CVE
added 2024/09/02 2:7 a.m.56 views

CVE-2024-20089

CVE-2024-20089 affects MediaTek wlan in various MediaTek chipsets. The vulnerability stems from incorrect error handling in the wlan component, enabling a remote denial of service without user interaction. The issue is classified with a HIGH impact (Availability) and NETWORK attack vector, with n...

7.5CVSS7AI score0.00306EPSS
CVE
CVE
added 2023/09/04 2:28 a.m.55 views

CVE-2023-32807

The CVE-2023-32807 issue affects the wlan service in MediaTek-based devices, caused by an improper input validation that leads to an out-of-bounds read. This could allow local information disclosure and requires system privileges, with no user interaction needed. The vulnerability details are sup...

4.4CVSS4.3AI score0.00089EPSS
CVE
CVE
added 2024/09/02 2:7 a.m.55 views

CVE-2024-20084

CVE-2024-20084 affects MediaTek power components. The vulnerability is an out-of-bounds read caused by a missing bounds check, potentially enabling local information disclosure with System execution privileges required; exploitation is not user-initiated. Patch ALPS08944210 is noted (Issue MSV-15...

4.4CVSS6.2AI score0.00098EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.54 views

CVE-2023-20737

The CVE-2023-20737 issue concerns the vcu component in MediaTek devices, where an improper locking leads to a use-after-free condition. This vulnerability can enable local escalation of privileges to SYSTEM with no user interaction required. Affected behavior is described as a local exploit path,...

6.7CVSS6.7AI score0.00075EPSS
CVE
CVE
added 2023/09/04 2:27 a.m.54 views

CVE-2023-20831

The CVE-2023-20831 issue affects the gps component and is described as an out-of-bounds write caused by a missing bounds check. The underlying effect is local escalation of privilege with SYSTEM execution privileges required, and exploitation does not require user interaction. The available docum...

6.7CVSS6.7AI score0.00087EPSS
CVE
CVE
added 2023/09/04 2:28 a.m.52 views

CVE-2023-32811

CVE-2023-32811 affects the connectivity system driver. The root cause is an out-of-bounds write due to improper input validation, enabling local escalation to SYSTEM with no user interaction. Exploitation status is not fully detailed in the provided documents, but a patch (Patch ID: ALPS07929848;...

6.7CVSS6.7AI score0.00091EPSS
CVE
CVE
added 2024/10/07 2:35 a.m.51 views

CVE-2024-20098

The CVE-2024-20098 issue concerns Power module boundary checks: a possible out-of-bounds write may enable local escalation of privilege with System execution privileges required, and no user interaction is needed. Multiple connected sources (NVD, Red Hat, OSV, CVE lists, PT Security, CNNVD) corro...

6.7CVSS7.2AI score0.00081EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.50 views

CVE-2023-20803

Summary: CVE-2023-20803 affects the imgsys component of MediaTek microprogram software, where memory corruption can occur due to improper input validation. This leads to local privilege escalation with system execution privileges required and user interaction needed for exploitation. Technical de...

6.7CVSS6.8AI score0.00089EPSS
CVE
CVE
added 2023/07/04 1:44 a.m.49 views

CVE-2023-20693

Summary (CVE-2023-20693) In MediaTek wlan firmware, an uncaught exception can cause a system crash, leading to a remote denial of service without user interaction. The NVD entry lists a network exploit vector with no privileges required and no user interaction, and a high impact to availability. ...

7.5CVSS7.4AI score0.00445EPSS
Total number of security vulnerabilities114