Vulnerability identifier: #VU87963
Vulnerability risk: Low
CVSSv3.1: 2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-200
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
MT2713
Mobile applications /
Mobile firmware & hardware
MT8168
Mobile applications /
Mobile firmware & hardware
MT8173
Mobile applications /
Mobile firmware & hardware
MT8175
Mobile applications /
Mobile firmware & hardware
MT8188
Mobile applications /
Mobile firmware & hardware
MT8195
Mobile applications /
Mobile firmware & hardware
MT8365
Mobile applications /
Mobile firmware & hardware
MT8370
Mobile applications /
Mobile firmware & hardware
MT8390
Mobile applications /
Mobile firmware & hardware
MT8395
Mobile applications /
Mobile firmware & hardware
MT8673
Mobile applications /
Mobile firmware & hardware
MT8696
Mobile applications /
Mobile firmware & hardware
MT8781
Mobile applications /
Mobile firmware & hardware
MT8795T
Mobile applications /
Mobile firmware & hardware
MT8798
Mobile applications /
Mobile firmware & hardware
MT8871
Mobile applications /
Mobile firmware & hardware
Vendor: MediaTek
Description
The vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to a missing bounds check within imgsys. A local privileged application can gain access to sensitive information.
Mitigation
Install security update from vendor's website.
Vulnerable software versions
MT2713: All versions
MT8168: All versions
MT8173: All versions
MT8175: All versions
MT8188: All versions
MT8195: All versions
MT8365: All versions
MT8370: All versions
MT8390: All versions
MT8395: All versions
MT8673: All versions
MT8696: All versions
MT8781: All versions
MT8795T: All versions
MT8798: All versions
MT8871: All versions
External links
http://corp.mediatek.com/product-security-bulletin/April-2024
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.