Main Vulnerability Database Vulnerabilities #VU81358

#VU81358 Out-of-bounds write in MediaTek products - CVE-2023-32830

Published: October 2, 2023

Vulnerability identifier: #VU81358

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-32830

CWE-ID: CWE-787

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
MT5527
MT5583
MT5598
MT5599
MT5670
MT5680
MT5691
MT5695
MT5806
MT5813
MT5815
MT5816
MT5833
MT5835
MT5895
MT9010
MT9011
MT9012
MT9016
MT9020
MT9021
MT9022
MT9215
MT9216
MT9221
MT9222
MT9255
MT9256
MT9266
MT9269
MT9285
MT9286
MT9600
MT9602
MT9610
MT9612
MT9613
MT9615
MT9617
MT9629
MT9630
MT9631
MT9632
MT9633
MT9636
MT9638
MT9639
MT9649
MT9650
MT9652
MT9653
MT9660
MT9666
MT9667
MT9669
MT9670
MT9671
MT9675
MT9679
MT9685
MT9686
MT9688
MT9900
MT9901
MT9931
MT9950
MT9969
MT9970
MT9980
MT9981

Software vendor:
MediaTek

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within TVAPI. A local privileged application can execute arbitrary code.

Remediation

Install security update from vendor's website.

External links

https://corp.mediatek.com/product-security-bulletin/October-2023

#VU81358 Out-of-bounds write in MediaTek products - CVE-2023-32830

Description

Remediation

External links

Please verify you're human