SB2023100253 - Multiple vulnerabilities in MediaTek chipsets

Main Vulnerability Database SB2023100253

SB2023100253 - Multiple vulnerabilities in MediaTek chipsets

Published: October 2, 2023

Security Bulletin ID SB2023100253

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 12

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 12 vulnerabilities.

1) Out-of-bounds write (CVE-ID: CVE-2023-20819)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within CDMA PPP protocol. A local application can execute arbitrary code.

2) Information exposure (CVE-ID: CVE-2023-32819)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local privileged application to gain access to sensitive information.

The vulnerability exists due to a missing bounds check within display. A local privileged application can gain access to sensitive information.

3) Resource exhaustion (CVE-ID: CVE-2023-32820)

CWE-ID: CWE-400 - Resource exhaustion

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to improper input handling within wlan firmware. A local application can perform service disruption.

4) Information exposure (CVE-ID: CVE-2023-32821)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a permissions bypass within video. A local privileged application can execute arbitrary code.

5) Improper input validation (CVE-ID: CVE-2023-32822)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within ftm. A local privileged application can execute arbitrary code.

6) Integer overflow (CVE-ID: CVE-2023-32823)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within rpmb. A local privileged application can execute arbitrary code.

7) Double Free (CVE-ID: CVE-2023-32824)

CWE-ID: CWE-415 - Double Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper locking within rpmb. A local privileged application can execute arbitrary code.

8) Out-of-bounds write (CVE-ID: CVE-2023-32826)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing input validation within camera middleware. A local privileged application can execute arbitrary code.

9) Out-of-bounds write (CVE-ID: CVE-2023-32827)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing input validation within camera middleware. A local privileged application can execute arbitrary code.

10) Integer overflow (CVE-ID: CVE-2023-32828)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to an integer overflow within vpu. A local privileged application can execute arbitrary code.

11) Out-of-bounds write (CVE-ID: CVE-2023-32829)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to an integer overflow within apusys. A local privileged application can execute arbitrary code.

12) Out-of-bounds write (CVE-ID: CVE-2023-32830)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within TVAPI. A local privileged application can execute arbitrary code.

Remediation

Install update from vendor's website.

References

https://corp.mediatek.com/product-security-bulletin/October-2023

Vulnerable Software