#VU66958 Out-of-bounds write in MediaTek Hardware solutions
Vulnerability identifier: #VU66958
Vulnerability risk: Low
CVSSv3.1:
CVE-ID:
CWE-ID:
CWE-787
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
MT6853T
Hardware solutions /
Firmware
MT6873
Hardware solutions /
Firmware
MT6875
Hardware solutions /
Firmware
MT6877
Hardware solutions /
Firmware
MT6883
Hardware solutions /
Firmware
MT6885
Hardware solutions /
Firmware
MT6889
Hardware solutions /
Firmware
MT6891
Hardware solutions /
Firmware
MT6893
Hardware solutions /
Firmware
Vendor: MediaTek
Description
The vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in apusys. A loal user can trigger out-of-bounds write and execute arbitrary code on the target system with elevated privileges.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
MT6853T: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6883: All versions
MT6885: All versions
MT6889: All versions
MT6891: All versions
MT6893: All versions
CPE
External links
http://corp.mediatek.com/product-security-bulletin/September-2022
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
