Multiple vulnerabilities in MediaTek Chipsets
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 22 |
| CVE-ID | CVE-2023-20607 CVE-2023-20606 CVE-2023-20605 CVE-2023-20604 CVE-2023-20602 CVE-2023-20608 CVE-2023-20609 CVE-2023-20610 CVE-2023-20611 CVE-2023-20612 CVE-2023-20613 CVE-2023-20614 CVE-2023-20615 CVE-2023-20616 CVE-2023-20618 CVE-2023-20619 CVE-2022-32642 CVE-2022-32643 CVE-2022-32654 CVE-2022-32655 CVE-2022-32656 CVE-2022-32663 |
| CWE-ID | CWE-362 CWE-125 CWE-787 CWE-416 CWE-843 CWE-20 CWE-476 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
MT6765 Mobile applications / Mobile firmware & hardware MT6768 Mobile applications / Mobile firmware & hardware MT8786 Mobile applications / Mobile firmware & hardware MT6879 Mobile applications / Mobile firmware & hardware MT6895 Mobile applications / Mobile firmware & hardware MT6983 Mobile applications / Mobile firmware & hardware MT6580 Mobile applications / Mobile firmware & hardware MT6731 Mobile applications / Mobile firmware & hardware MT6735 Mobile applications / Mobile firmware & hardware MT6737 Mobile applications / Mobile firmware & hardware MT6739 Mobile applications / Mobile firmware & hardware MT6753 Mobile applications / Mobile firmware & hardware MT6757 Mobile applications / Mobile firmware & hardware MT6757C Mobile applications / Mobile firmware & hardware MT6757CD Mobile applications / Mobile firmware & hardware MT6757CH Mobile applications / Mobile firmware & hardware MT6761 Mobile applications / Mobile firmware & hardware MT6762 Mobile applications / Mobile firmware & hardware MT6763 Mobile applications / Mobile firmware & hardware MT6769 Mobile applications / Mobile firmware & hardware MT6771 Mobile applications / Mobile firmware & hardware MT6789 Mobile applications / Mobile firmware & hardware MT6833 Mobile applications / Mobile firmware & hardware MT6855 Mobile applications / Mobile firmware & hardware MT8185 Mobile applications / Mobile firmware & hardware MT8321 Mobile applications / Mobile firmware & hardware MT8385 Mobile applications / Mobile firmware & hardware MT8666 Mobile applications / Mobile firmware & hardware MT8667 Mobile applications / Mobile firmware & hardware MT8765 Mobile applications / Mobile firmware & hardware MT8766 Mobile applications / Mobile firmware & hardware MT8768 Mobile applications / Mobile firmware & hardware MT8788 Mobile applications / Mobile firmware & hardware MT8789 Mobile applications / Mobile firmware & hardware MT8791 Mobile applications / Mobile firmware & hardware MT8791T Mobile applications / Mobile firmware & hardware MT8167 Mobile applications / Mobile firmware & hardware MT8362A Mobile applications / Mobile firmware & hardware MT8168 Mobile applications / Mobile firmware & hardware MT8365 Mobile applications / Mobile firmware & hardware MT8675 Mobile applications / Mobile firmware & hardware MT8183 Mobile applications / Mobile firmware & hardware MT5221 Mobile applications / Mobile firmware & hardware MT7603 Mobile applications / Mobile firmware & hardware MT7613 Mobile applications / Mobile firmware & hardware MT7615 Mobile applications / Mobile firmware & hardware MT7622 Mobile applications / Mobile firmware & hardware MT7628 Mobile applications / Mobile firmware & hardware MT7629 Mobile applications / Mobile firmware & hardware MT7663 Mobile applications / Mobile firmware & hardware MT7668 Mobile applications / Mobile firmware & hardware MT7682 Mobile applications / Mobile firmware & hardware MT7686 Mobile applications / Mobile firmware & hardware MT7687 Mobile applications / Mobile firmware & hardware MT7697 Mobile applications / Mobile firmware & hardware MT7902 Mobile applications / Mobile firmware & hardware MT7915 Mobile applications / Mobile firmware & hardware MT7916 Mobile applications / Mobile firmware & hardware MT7921 Mobile applications / Mobile firmware & hardware MT7933 Mobile applications / Mobile firmware & hardware MT7981 Mobile applications / Mobile firmware & hardware MT7986 Mobile applications / Mobile firmware & hardware MT8167S Mobile applications / Mobile firmware & hardware MT8175 Mobile applications / Mobile firmware & hardware MT8532 Mobile applications / Mobile firmware & hardware MT8695 Mobile applications / Mobile firmware & hardware MT8696 Mobile applications / Mobile firmware & hardware MT6779 Hardware solutions / Firmware MT6781 Hardware solutions / Firmware MT6785 Hardware solutions / Firmware MT6853 Hardware solutions / Firmware MT6853T Hardware solutions / Firmware MT6873 Hardware solutions / Firmware MT6875 Hardware solutions / Firmware MT6877 Hardware solutions / Firmware MT6883 Hardware solutions / Firmware MT6885 Hardware solutions / Firmware MT6889 Hardware solutions / Firmware MT6891 Hardware solutions / Firmware MT6893 Hardware solutions / Firmware MT8797 Hardware solutions / Firmware MT8518S Other |
| Vendor | MediaTek |
Security Bulletin
This security bulletin contains information about 22 vulnerabilities.
1) Race condition
EUVDB-ID: #VU71825
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20607
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in ccu. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6765: All versions
MT6768: All versions
MT8786: All versions
CPE2.3- cpe:2.3:a:mediatek:mt6765:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6768:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8786:*:*:*:*:*:*:*:
http://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU71824
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20606
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in apusys. A local user can trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6879: All versions
MT6895: All versions
MT6983: All versions
CPE2.3- cpe:2.3:a:mediatek:mt6879:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6895:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6983:*:*:*:*:*:*:*:
http://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU71823
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20605
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in keyinstall. A local user can trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6580: All versions
MT6731: All versions
MT6735: All versions
MT6737: All versions
MT6739: All versions
MT6753: All versions
MT6757: All versions
MT6757C: All versions
MT6757CD: All versions
MT6757CH: All versions
MT6761: All versions
MT6762: All versions
MT6763: All versions
MT6765: All versions
MT6768: All versions
MT6769: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6853T: All versions
MT6855: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8185: All versions
MT8321: All versions
MT8385: All versions
MT8666: All versions
MT8667: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8791T: All versions
MT8797: All versions
CPE2.3- cpe:2.3:a:mediatek:mt6580:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6731:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6735:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6737:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6739:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6753:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6757:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6757c:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6757cd:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6757ch:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6761:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6762:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6763:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6765:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6768:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6769:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6771:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6779:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6781:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6785:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6789:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6833:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6853:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6853t:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6855:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6873:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6875:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6877:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6879:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6883:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6885:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6889:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6891:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6893:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6895:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6983:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8185:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8321:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8385:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8666:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8667:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8765:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8766:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8768:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8786:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8788:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8789:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8791:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8791t:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt8797:*:*:*:*:*:*:*:
http://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds write
EUVDB-ID: #VU71822
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20604
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in ged. A local user can trigger out-of-bounds write and execute arbitrary code on the target system with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6735: All versions
MT6737: All versions
MT6739: All versions
MT6753: All versions
MT6757: All versions
MT6761: All versions
MT6763: All versions
MT6765: All versions
MT6768: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6833: All versions
MT6853: All versions
MT6855: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8167: All versions
MT8362A: All versions
CPE2.3- cpe:2.3:a:mediatek:mt6735:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6737:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6739:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6753:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6757:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6761:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6763:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6765:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6768:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6771:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6779:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6781:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6785:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6833:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6853:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6855:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6873:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6877:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6879:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6885:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6889:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6893:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6895:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6983:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8167:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8362a:*:*:*:*:*:*:*:
http://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds write
EUVDB-ID: #VU71821
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20602
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in ged. A local user can trigger out-of-bounds write and execute arbitrary code on the target system with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6735: All versions
MT6737: All versions
MT6739: All versions
MT6753: All versions
MT6757: All versions
MT6761: All versions
MT6763: All versions
MT6765: All versions
MT6768: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6833: All versions
MT6853: All versions
MT6855: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
CPE2.3- cpe:2.3:a:mediatek:mt6735:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6737:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6739:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6753:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6757:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6761:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6763:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6765:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6768:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6771:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6779:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6781:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6785:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6833:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6853:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6855:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6873:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6877:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6879:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6885:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6889:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6893:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6895:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6983:*:*:*:*:*:*:*:
http://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free
EUVDB-ID: #VU71937
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20608
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in display drm. A local user can gain elevated privileges on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6761: All versions
MT6765: All versions
MT6768: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6855: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8168: All versions
MT8365: All versions
MT8675: All versions
CPE2.3- cpe:2.3:a:mediatek:mt6761:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6765:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6768:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6779:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6781:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6785:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6789:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6833:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6853:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6855:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6873:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6877:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6879:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6883:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6885:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6889:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6893:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6895:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6983:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8168:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8365:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8675:*:*:*:*:*:*:*:
http://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds read
EUVDB-ID: #VU71966
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20609
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ccu. A local user can trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6833: All versions
MT6853: All versions
MT6873: All versions
MT6877: All versions
MT6885: All versions
MT6893: All versions
MT8768: All versions
MT8786: All versions
MT8791: All versions
MT8797: All versions
CPE2.3- cpe:2.3:a:mediatek:mt6833:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6853:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6873:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6877:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6885:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6893:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8768:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8786:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8791:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt8797:*:*:*:*:*:*:*:
http://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Race condition
EUVDB-ID: #VU71967
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20610
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in display drm. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6761: All versions
MT6765: All versions
MT6768: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6855: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8168: All versions
MT8365: All versions
MT8675: All versions
CPE2.3- cpe:2.3:a:mediatek:mt6761:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6765:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6768:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6779:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6781:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6785:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6789:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6833:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6853:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6855:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6873:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6877:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6879:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6883:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6885:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6889:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6893:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6895:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6983:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8168:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8365:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8675:*:*:*:*:*:*:*:
http://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU71969
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20611
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in gpu. A local user can gain elevated privileges on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6580: All versions
MT6731: All versions
MT6735: All versions
MT6737: All versions
MT6739: All versions
MT6753: All versions
MT6757: All versions
MT6757C: All versions
MT6757CD: All versions
MT6757CH: All versions
MT6761: All versions
MT6762: All versions
MT6763: All versions
MT6765: All versions
MT6768: All versions
MT6769: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6853T: All versions
MT6855: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8168: All versions
MT8365: All versions
CPE2.3- cpe:2.3:a:mediatek:mt6580:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6731:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6735:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6737:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6739:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6753:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6757:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6757c:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6757cd:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6757ch:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6761:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6762:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6763:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6765:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6768:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6769:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6771:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6779:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6781:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6785:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6789:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6833:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6853:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6853t:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6855:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6873:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6875:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6877:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6879:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6883:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6885:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6889:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6891:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6893:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6895:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6983:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8168:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8365:*:*:*:*:*:*:*:
http://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Out-of-bounds write
EUVDB-ID: #VU71970
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20612
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in ril. A local user can trigger out-of-bounds write and execute arbitrary code on the target system with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6739: All versions
MT6761: All versions
MT6762: All versions
MT6765: All versions
MT6768: All versions
MT6769: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6855: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8321: All versions
MT8385: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8791T: All versions
MT8797: All versions
CPE2.3- cpe:2.3:a:mediatek:mt6739:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6761:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6762:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6765:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6768:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6769:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6771:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6779:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6781:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6785:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6789:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6833:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6853:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6855:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6873:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6875:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6877:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6879:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6883:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6885:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6889:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6891:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6893:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6895:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6983:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8321:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8385:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8765:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8766:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8768:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8786:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8788:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8789:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8791:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8791t:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt8797:*:*:*:*:*:*:*:
http://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Out-of-bounds write
EUVDB-ID: #VU71971
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20613
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in ril. A local user can trigger out-of-bounds write and execute arbitrary code on the target system with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6739: All versions
MT6761: All versions
MT6762: All versions
MT6765: All versions
MT6768: All versions
MT6769: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6855: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8321: All versions
MT8385: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8791T: All versions
MT8797: All versions
CPE2.3- cpe:2.3:a:mediatek:mt6739:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6761:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6762:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6765:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6768:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6769:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6771:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6779:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6781:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6785:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6789:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6833:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6853:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6855:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6873:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6875:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6877:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6879:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6883:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6885:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6889:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6891:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6893:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6895:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6983:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8321:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8385:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8765:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8766:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8768:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8786:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8788:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8789:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8791:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8791t:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt8797:*:*:*:*:*:*:*:
http://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Out-of-bounds write
EUVDB-ID: #VU71975
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20614
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in ril. A local user can trigger out-of-bounds write and execute arbitrary code on the target system with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6739: All versions
MT6761: All versions
MT6762: All versions
MT6765: All versions
MT6768: All versions
MT6769: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6853T: All versions
MT6855: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8321: All versions
MT8385: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8791T: All versions
MT8797: All versions
CPE2.3- cpe:2.3:a:mediatek:mt6739:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6761:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6762:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6765:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6768:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6769:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6771:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6779:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6781:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6785:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6789:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6833:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6853:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6853t:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6855:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6873:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6875:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6877:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6879:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6883:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6885:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6889:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6891:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6893:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6895:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6983:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8321:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8385:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8765:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8766:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8768:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8786:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8788:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8789:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8791:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8791t:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt8797:*:*:*:*:*:*:*:
http://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Out-of-bounds write
EUVDB-ID: #VU71976
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20615
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in ril. A local user can trigger out-of-bounds write and execute arbitrary code on the target system with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6739: All versions
MT6761: All versions
MT6762: All versions
MT6765: All versions
MT6768: All versions
MT6769: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6855: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8321: All versions
MT8385: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8791T: All versions
MT8797: All versions
CPE2.3- cpe:2.3:a:mediatek:mt6739:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6761:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6762:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6765:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6768:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6769:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6771:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6779:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6781:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6785:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6789:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6833:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6853:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6855:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6873:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6875:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6877:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6879:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6883:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6885:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6889:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6891:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6893:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6895:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6983:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8321:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8385:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8765:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8766:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8768:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8786:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8788:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8789:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8791:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8791t:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt8797:*:*:*:*:*:*:*:
http://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Type Confusion
EUVDB-ID: #VU71980
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20616
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges.
The vulnerability exists due to a type confusion error in ion. A local user can pass specially crafted data to the application, trigger a type confusion error and gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6580: All versions
MT6735: All versions
MT6737: All versions
MT6739: All versions
MT6753: All versions
MT6757: All versions
MT6757C: All versions
MT6757CD: All versions
MT6757CH: All versions
MT6761: All versions
MT6762: All versions
MT6763: All versions
MT6765: All versions
MT6768: All versions
MT6769: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6833: All versions
MT6853: All versions
MT6853T: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6891: All versions
MT6893: All versions
MT8168: All versions
MT8183: All versions
MT8321: All versions
MT8365: All versions
MT8385: All versions
MT8666: All versions
MT8675: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8791T: All versions
MT8797: All versions
CPE2.3- cpe:2.3:a:mediatek:mt6580:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6735:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6737:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6739:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6753:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6757:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6757c:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6757cd:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6757ch:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6761:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6762:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6763:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6765:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6768:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6769:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6771:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6779:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6781:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6785:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6833:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6853:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6853t:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6873:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6875:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6877:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6883:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6885:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6889:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6891:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6893:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8168:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8183:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8321:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8365:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8385:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8666:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8675:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8765:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8766:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8768:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8786:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8788:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8791t:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt8797:*:*:*:*:*:*:*:
http://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Out-of-bounds read
EUVDB-ID: #VU71981
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20618
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in vcu. A local user can trigger out-of-bounds read error and read contents of memory on the system, leading to privilege escalation.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6761: All versions
MT6762: All versions
MT6768: All versions
MT6769: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6853T: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6891: All versions
MT6893: All versions
MT8185: All versions
MT8786: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
CPE2.3- cpe:2.3:a:mediatek:mt6761:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6762:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6768:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6769:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6779:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6781:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6785:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6789:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6833:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6853:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6853t:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6873:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6875:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6877:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6883:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6885:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6889:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6891:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6893:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8185:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8786:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8789:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8791:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt8797:*:*:*:*:*:*:*:
http://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use-after-free
EUVDB-ID: #VU71982
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20619
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in vcu. A local user can gain elevated privileges on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6761: All versions
MT6762: All versions
MT6768: All versions
MT6769: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6853T: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6891: All versions
MT6893: All versions
MT8185: All versions
MT8786: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
CPE2.3- cpe:2.3:a:mediatek:mt6761:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6762:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6768:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6769:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6779:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6781:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6785:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6789:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6833:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6853:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6853t:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6873:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6875:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6877:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6883:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6885:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6889:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6891:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt6893:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8185:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8786:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8789:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8791:*:*:*:*:*:*:*:
- cpe:2.3:h:mediatek:mt8797:*:*:*:*:*:*:*:
http://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Race condition
EUVDB-ID: #VU71983
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-32642
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in ccd. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6879: All versions
MT6895: All versions
MT6983: All versions
CPE2.3- cpe:2.3:a:mediatek:mt6879:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6895:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6983:*:*:*:*:*:*:*:
http://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Use-after-free
EUVDB-ID: #VU71984
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-32643
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in ccd. A local user can gain elevated privileges on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6879: All versions
MT6895: All versions
MT6983: All versions
CPE2.3- cpe:2.3:a:mediatek:mt6879:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6895:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt6983:*:*:*:*:*:*:*:
http://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Input validation error
EUVDB-ID: #VU71985
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-32654
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges.
The vulnerability exists due to incorrect error handling in Wi-Fi driver. A local user can pass specially crafted input to the application and gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT5221: All versions
MT7603: All versions
MT7613: All versions
MT7615: All versions
MT7622: All versions
MT7628: All versions
MT7629: All versions
MT7663: All versions
MT7668: All versions
MT7682: All versions
MT7686: All versions
MT7687: All versions
MT7697: All versions
MT7902: All versions
MT7915: All versions
MT7916: All versions
MT7921: All versions
MT7933: All versions
MT7981: All versions
MT7986: All versions
MT8167S: All versions
MT8175: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
MT8518S: All versions
MT8532: All versions
MT8695: All versions
MT8696: All versions
MT8788: All versions
CPE2.3- cpe:2.3:a:mediatek:mt5221:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7603:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7613:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7615:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7622:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7628:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7629:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7663:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7668:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7682:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7686:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7687:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7697:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7902:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7915:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7916:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7921:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7933:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7981:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7986:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8167s:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8175:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8362a:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8365:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8385:*:*:*:*:*:*:*:
- cpe:2.3::mediatek:mt8518s:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8532:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8695:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8696:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8788:*:*:*:*:*:*:*:
http://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Input validation error
EUVDB-ID: #VU71986
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-32655
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges.
The vulnerability exists due to incorrect error handling in Wi-Fi driver. A local user can pass specially crafted input to the application and gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT5221: All versions
MT7603: All versions
MT7613: All versions
MT7615: All versions
MT7622: All versions
MT7628: All versions
MT7629: All versions
MT7663: All versions
MT7668: All versions
MT7682: All versions
MT7686: All versions
MT7687: All versions
MT7697: All versions
MT7902: All versions
MT7915: All versions
MT7916: All versions
MT7921: All versions
MT7933: All versions
MT7981: All versions
MT7986: All versions
MT8167S: All versions
MT8175: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
MT8518S: All versions
MT8532: All versions
MT8695: All versions
MT8696: All versions
MT8788: All versions
CPE2.3- cpe:2.3:a:mediatek:mt5221:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7603:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7613:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7615:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7622:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7628:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7629:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7663:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7668:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7682:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7686:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7687:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7697:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7902:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7915:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7916:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7921:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7933:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7981:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7986:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8167s:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8175:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8362a:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8365:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8385:*:*:*:*:*:*:*:
- cpe:2.3::mediatek:mt8518s:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8532:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8695:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8696:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8788:*:*:*:*:*:*:*:
http://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Input validation error
EUVDB-ID: #VU71987
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-32656
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges.
The vulnerability exists due to incorrect error handling in Wi-Fi driver. A local user can pass specially crafted input to the application and gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT5221: All versions
MT7603: All versions
MT7613: All versions
MT7615: All versions
MT7622: All versions
MT7628: All versions
MT7629: All versions
MT7663: All versions
MT7668: All versions
MT7682: All versions
MT7686: All versions
MT7687: All versions
MT7697: All versions
MT7902: All versions
MT7915: All versions
MT7916: All versions
MT7921: All versions
MT7933: All versions
MT7981: All versions
MT7986: All versions
MT8167S: All versions
MT8175: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
MT8518S: All versions
MT8532: All versions
MT8695: All versions
MT8696: All versions
MT8788: All versions
CPE2.3- cpe:2.3:a:mediatek:mt5221:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7603:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7613:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7615:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7622:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7628:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7629:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7663:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7668:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7682:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7686:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7687:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7697:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7902:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7915:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7916:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7921:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7933:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7981:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7986:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8167s:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8175:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8362a:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8365:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8385:*:*:*:*:*:*:*:
- cpe:2.3::mediatek:mt8518s:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8532:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8695:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8696:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8788:*:*:*:*:*:*:*:
http://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) NULL pointer dereference
EUVDB-ID: #VU71988
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-32663
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in Wi-Fi driver. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT5221: All versions
MT7603: All versions
MT7613: All versions
MT7615: All versions
MT7622: All versions
MT7628: All versions
MT7629: All versions
MT7668: All versions
MT7902: All versions
MT7915: All versions
MT7916: All versions
MT7921: All versions
MT7981: All versions
MT7986: All versions
MT8167S: All versions
MT8175: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
MT8518S: All versions
MT8532: All versions
MT8788: All versions
CPE2.3- cpe:2.3:a:mediatek:mt5221:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7603:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7613:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7615:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7622:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7628:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7629:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7668:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7902:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7915:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7916:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7921:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7981:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt7986:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8167s:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8175:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8362a:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8365:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8385:*:*:*:*:*:*:*:
- cpe:2.3::mediatek:mt8518s:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8532:*:*:*:*:*:*:*:
- cpe:2.3:a:mediatek:mt8788:*:*:*:*:*:*:*:
http://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
