Multiple vulnerabilities in MediaTek Chipsets
Security Bulletin
This security bulletin contains information about 22 vulnerabilities.
1) Race condition
EUVDB-ID: #VU71825
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20607
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in ccu. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6765: All versions
MT6768: All versions
MT8786: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU71824
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20606
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in apusys. A local user can trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6879: All versions
MT6895: All versions
MT6983: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU71823
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20605
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in keyinstall. A local user can trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6580: All versions
MT6731: All versions
MT6735: All versions
MT6737: All versions
MT6739: All versions
MT6753: All versions
MT6757: All versions
MT6757C: All versions
MT6757CD: All versions
MT6757CH: All versions
MT6761: All versions
MT6762: All versions
MT6763: All versions
MT6765: All versions
MT6768: All versions
MT6769: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6853T: All versions
MT6855: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8185: All versions
MT8321: All versions
MT8385: All versions
MT8666: All versions
MT8667: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8791T: All versions
MT8797: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds write
EUVDB-ID: #VU71822
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20604
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in ged. A local user can trigger out-of-bounds write and execute arbitrary code on the target system with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6735: All versions
MT6737: All versions
MT6739: All versions
MT6753: All versions
MT6757: All versions
MT6761: All versions
MT6763: All versions
MT6765: All versions
MT6768: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6833: All versions
MT6853: All versions
MT6855: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8167: All versions
MT8362A: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds write
EUVDB-ID: #VU71821
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20602
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in ged. A local user can trigger out-of-bounds write and execute arbitrary code on the target system with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6735: All versions
MT6737: All versions
MT6739: All versions
MT6753: All versions
MT6757: All versions
MT6761: All versions
MT6763: All versions
MT6765: All versions
MT6768: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6833: All versions
MT6853: All versions
MT6855: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free
EUVDB-ID: #VU71937
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20608
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in display drm. A local user can gain elevated privileges on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6761: All versions
MT6765: All versions
MT6768: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6855: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8168: All versions
MT8365: All versions
MT8675: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds read
EUVDB-ID: #VU71966
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20609
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ccu. A local user can trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6833: All versions
MT6853: All versions
MT6873: All versions
MT6877: All versions
MT6885: All versions
MT6893: All versions
MT8768: All versions
MT8786: All versions
MT8791: All versions
MT8797: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Race condition
EUVDB-ID: #VU71967
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20610
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in display drm. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6761: All versions
MT6765: All versions
MT6768: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6855: All versions
MT6873: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8168: All versions
MT8365: All versions
MT8675: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU71969
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20611
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in gpu. A local user can gain elevated privileges on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6580: All versions
MT6731: All versions
MT6735: All versions
MT6737: All versions
MT6739: All versions
MT6753: All versions
MT6757: All versions
MT6757C: All versions
MT6757CD: All versions
MT6757CH: All versions
MT6761: All versions
MT6762: All versions
MT6763: All versions
MT6765: All versions
MT6768: All versions
MT6769: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6853T: All versions
MT6855: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8168: All versions
MT8365: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Out-of-bounds write
EUVDB-ID: #VU71970
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20612
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in ril. A local user can trigger out-of-bounds write and execute arbitrary code on the target system with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6739: All versions
MT6761: All versions
MT6762: All versions
MT6765: All versions
MT6768: All versions
MT6769: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6855: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8321: All versions
MT8385: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8791T: All versions
MT8797: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Out-of-bounds write
EUVDB-ID: #VU71971
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20613
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in ril. A local user can trigger out-of-bounds write and execute arbitrary code on the target system with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6739: All versions
MT6761: All versions
MT6762: All versions
MT6765: All versions
MT6768: All versions
MT6769: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6855: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8321: All versions
MT8385: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8791T: All versions
MT8797: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Out-of-bounds write
EUVDB-ID: #VU71975
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20614
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in ril. A local user can trigger out-of-bounds write and execute arbitrary code on the target system with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6739: All versions
MT6761: All versions
MT6762: All versions
MT6765: All versions
MT6768: All versions
MT6769: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6853T: All versions
MT6855: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8321: All versions
MT8385: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8791T: All versions
MT8797: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Out-of-bounds write
EUVDB-ID: #VU71976
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20615
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in ril. A local user can trigger out-of-bounds write and execute arbitrary code on the target system with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6739: All versions
MT6761: All versions
MT6762: All versions
MT6765: All versions
MT6768: All versions
MT6769: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6855: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8321: All versions
MT8385: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8791T: All versions
MT8797: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Type Confusion
EUVDB-ID: #VU71980
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20616
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges.
The vulnerability exists due to a type confusion error in ion. A local user can pass specially crafted data to the application, trigger a type confusion error and gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6580: All versions
MT6735: All versions
MT6737: All versions
MT6739: All versions
MT6753: All versions
MT6757: All versions
MT6757C: All versions
MT6757CD: All versions
MT6757CH: All versions
MT6761: All versions
MT6762: All versions
MT6763: All versions
MT6765: All versions
MT6768: All versions
MT6769: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6833: All versions
MT6853: All versions
MT6853T: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6891: All versions
MT6893: All versions
MT8168: All versions
MT8183: All versions
MT8321: All versions
MT8365: All versions
MT8385: All versions
MT8666: All versions
MT8675: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8791T: All versions
MT8797: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Out-of-bounds read
EUVDB-ID: #VU71981
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20618
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in vcu. A local user can trigger out-of-bounds read error and read contents of memory on the system, leading to privilege escalation.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6761: All versions
MT6762: All versions
MT6768: All versions
MT6769: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6853T: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6891: All versions
MT6893: All versions
MT8185: All versions
MT8786: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use-after-free
EUVDB-ID: #VU71982
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20619
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in vcu. A local user can gain elevated privileges on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6761: All versions
MT6762: All versions
MT6768: All versions
MT6769: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6853T: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6891: All versions
MT6893: All versions
MT8185: All versions
MT8786: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Race condition
EUVDB-ID: #VU71983
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-32642
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in ccd. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6879: All versions
MT6895: All versions
MT6983: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Use-after-free
EUVDB-ID: #VU71984
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-32643
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in ccd. A local user can gain elevated privileges on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT6879: All versions
MT6895: All versions
MT6983: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Input validation error
EUVDB-ID: #VU71985
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-32654
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges.
The vulnerability exists due to incorrect error handling in Wi-Fi driver. A local user can pass specially crafted input to the application and gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT5221: All versions
MT7603: All versions
MT7613: All versions
MT7615: All versions
MT7622: All versions
MT7628: All versions
MT7629: All versions
MT7663: All versions
MT7668: All versions
MT7682: All versions
MT7686: All versions
MT7687: All versions
MT7697: All versions
MT7902: All versions
MT7915: All versions
MT7916: All versions
MT7921: All versions
MT7933: All versions
MT7981: All versions
MT7986: All versions
MT8167S: All versions
MT8175: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
MT8518S: All versions
MT8532: All versions
MT8695: All versions
MT8696: All versions
MT8788: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Input validation error
EUVDB-ID: #VU71986
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-32655
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges.
The vulnerability exists due to incorrect error handling in Wi-Fi driver. A local user can pass specially crafted input to the application and gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT5221: All versions
MT7603: All versions
MT7613: All versions
MT7615: All versions
MT7622: All versions
MT7628: All versions
MT7629: All versions
MT7663: All versions
MT7668: All versions
MT7682: All versions
MT7686: All versions
MT7687: All versions
MT7697: All versions
MT7902: All versions
MT7915: All versions
MT7916: All versions
MT7921: All versions
MT7933: All versions
MT7981: All versions
MT7986: All versions
MT8167S: All versions
MT8175: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
MT8518S: All versions
MT8532: All versions
MT8695: All versions
MT8696: All versions
MT8788: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Input validation error
EUVDB-ID: #VU71987
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-32656
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges.
The vulnerability exists due to incorrect error handling in Wi-Fi driver. A local user can pass specially crafted input to the application and gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT5221: All versions
MT7603: All versions
MT7613: All versions
MT7615: All versions
MT7622: All versions
MT7628: All versions
MT7629: All versions
MT7663: All versions
MT7668: All versions
MT7682: All versions
MT7686: All versions
MT7687: All versions
MT7697: All versions
MT7902: All versions
MT7915: All versions
MT7916: All versions
MT7921: All versions
MT7933: All versions
MT7981: All versions
MT7986: All versions
MT8167S: All versions
MT8175: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
MT8518S: All versions
MT8532: All versions
MT8695: All versions
MT8696: All versions
MT8788: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) NULL pointer dereference
EUVDB-ID: #VU71988
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-32663
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in Wi-Fi driver. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMT5221: All versions
MT7603: All versions
MT7613: All versions
MT7615: All versions
MT7622: All versions
MT7628: All versions
MT7629: All versions
MT7668: All versions
MT7902: All versions
MT7915: All versions
MT7916: All versions
MT7921: All versions
MT7981: All versions
MT7986: All versions
MT8167S: All versions
MT8175: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
MT8518S: All versions
MT8532: All versions
MT8788: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/February-2023
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
