Headline

CVE-2023-32830: October 2023

In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03802522; Issue ID: DTV03802522.

1 year ago

CVE

Open in Source

#vulnerability #web #android #linux #dos #rce #auth #rpm #wifi

October 2023 Product Security Bulletin

Published 2023-10-02

The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT, Wi-Fi, TV and Audio chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.

The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).

****Summary****

Severity

CVEs

High

CVE-2023-20819, CVE-2023-32819, CVE-2023-32820

Medium

CVE-2023-32821, CVE-2023-32822, CVE-2023-32823, CVE-2023-32824, CVE-2023-32826, CVE-2023-32827, CVE-2023-32828, CVE-2023-32829, CVE-2023-32830

****Details****

CVE

CVE-2023-20819

Title

Out-of-bounds write in CDMA PPP protocol

Severity

High

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

In CDMA PPP protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privilege needed. User interaction is not needed for exploitation.

Affected Chipsets

MT2731, MT6570, MT6580, MT6595, MT6732, MT6735, MT6737, MT6737M, MT6738, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6757, MT6758, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769T, MT6769Z, MT6771, MT6775, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6789, MT6795, MT6797, MT6799, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6983, MT6985, MT6989, MT8666, MT8666A, MT8667, MT8673, MT8675, MT8765, MT8766, MT8766Z, MT8768, MT8768A, MT8768B, MT8768T, MT8768Z, MT8781, MT8786, MT8788, MT8788T, MT8788X, MT8788Z, MT8791, MT8791T, MT8797, MT8798

Affected Software Versions

Modem LR11, LR12A, LR13, NR15, NR16, NR17

CVE

CVE-2023-32819

Title

Exposure of sensitive information to an unauthorized actor in display

Severity

High

Vulnerability Type

CWE

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Description

In display, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6765, MT6768, MT6833, MT6879, MT6883, MT6885, MT6889, MT6893, MT6983, MT6985, MT8188, MT8195, MT8797, MT8798

Affected Software Versions

Android 12.0, 13.0

CVE

CVE-2023-32820

Title

Denial of service in wlan firmware

Severity

High

Vulnerability Type

DoS

CWE

CWE-400 Denial of Service

Description

In wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT5221, MT6781, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT7663, MT7668, MT7902, MT7921, MT8168, MT8365, MT8518S, MT8532, MT8666, MT8673, MT8675, MT8695, MT8766, MT8768, MT8781, MT8786, MT8789, MT8791, MT8797, MT8798

Affected Software Versions

Android 11.0, 12.0, 13.0 / Linux 4.19 / Yocto 3.1, 3.3 / IOT-v23.0

CVE

CVE-2023-32821

Title

Exposure of sensitive information to an unauthorized actor in video

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Description

In video, there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6853, MT6873, MT6885

Affected Software Versions

Android 12.0, 13.0

CVE

CVE-2023-32822

Title

Improper input validation in ftm

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In ftm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT2713, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6833, MT6835, MT6855, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6985, MT8167, MT8167S, MT8168, MT8175, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8797, MT8798

Affected Software Versions

Android 12.0, 13.0

CVE

CVE-2023-32823

Title

Integer overflow or wraparound in rpmb

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-190 Integer Overflow or Wraparound

Description

In rpmb , there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8666, MT8765, MT8788

Affected Software Versions

Android 12.0, 13.0

CVE

CVE-2023-32824

Title

Double free in rpmb

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-415 Double Free

Description

In rpmb , there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

Affected Software Versions

Android 12.0, 13.0

CVE

CVE-2023-32826

Title

Out-of-bounds write in camera middleware

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6879, MT6886, MT6895, MT6983, MT6985, MT6989, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798

Affected Software Versions

Android 12.0, 13.0

CVE

CVE-2023-32827

Title

Out-of-bounds write in camera middleware

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

Affected Chipsets

Affected Software Versions

Android 12.0, 13.0

CVE

CVE-2023-32828

Title

Integer overflow or wraparound in vpu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-190 Integer Overflow or Wraparound

Description

In vpu, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6771, MT6779, MT6785, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6891, MT6893, MT8183, MT8188, MT8195, MT8390, MT8395

Affected Software Versions

Android 12.0 / IOT-v23.0

CVE

CVE-2023-32829

Title

Out-of-bounds write in apusys

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

In apusys, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6879, MT6886, MT6891, MT6895, MT6896, MT6983, MT6985, MT8137, MT8139, MT8188, MT8195, MT8195Z, MT8390, MT8395

Affected Software Versions

Android 12.0, 13.0 / Yocto 3.1, 3.3, 4.0 / IOT-v23.0

CVE

CVE-2023-32830

Title

Out-of-bounds write in TVAPI

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

Affected Chipsets

MT5527, MT5583, MT5598, MT5599, MT5670, MT5680, MT5691, MT5695, MT5806, MT5813, MT5815, MT5816, MT5833, MT5835, MT5895, MT9010, MT9011, MT9012, MT9016, MT9020, MT9021, MT9022, MT9215, MT9216, MT9221, MT9222, MT9255, MT9256, MT9266, MT9269, MT9285, MT9286, MT9600, MT9602, MT9610, MT9612, MT9613, MT9615, MT9617, MT9629, MT9630, MT9631, MT9632, MT9633, MT9636, MT9638, MT9639, MT9649, MT9650, MT9652, MT9653, MT9660, MT9666, MT9667, MT9669, MT9670, MT9671, MT9675, MT9679, MT9685, MT9686, MT9688, MT9900, MT9901, MT9931, MT9950, MT9969, MT9970, MT9980, MT9981

Affected Software Versions

Android 10.0, 11.0

****Vulnerability Type Definition****

Abbreviation

Definition

RCE

Remote Code Execution

EoP

Elevation of Privilege

Information Disclosure

DoS

Denial of Service

N/A

Classification not available

****Versions****

Version

Date

Description

1.0

October 2, 2023

Bulletin published.

****Notes****

Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.

If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

11 months ago

11 months ago

11 months ago

11 months ago

11 months ago