CVE-2023-32854 - Vulnerability Details

Vendors	Products
Google	Android
Mediatek	Mt6835 Mt6879 Mt6886 Mt6895 Mt6983 Mt6985 Mt8321 Mt8667 Mt8673 Mt8765 Mt8766 Mt8768 Mt8781 Mt8786 Mt8788 Mt8789 Mt8791t Mt8797 Mt8798

Link	Providers
https://corp.mediatek.com/product-security-bulletin/December-2023

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-32854", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "state": "PUBLISHED", "assignerShortName": "MediaTek", "dateReserved": "2023-05-16T03:04:32.158Z", "datePublished": "2023-12-04T03:45:52.054Z", "dateUpdated": "2024-08-02T15:32:46.674Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", "dateUpdated": "2023-12-04T03:45:52.054Z"}, "descriptions": [{"lang": "en", "value": "In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08240132; Issue ID: ALPS08240132."}], "affected": [{"vendor": "MediaTek, Inc.", "product": "MT6835, MT6879, MT6886, MT6895, MT6983, MT6985, MT8321, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798", "versions": [{"version": "Android 12.0, 13.0", "status": "affected"}]}], "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/December-2023"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Elevation of Privilege"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:32:46.674Z"}, "title": "CVE Program Container", "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/December-2023", "tags": ["x_transferred"]}]}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2023-32854 (string)

assignerOrgId : ee979b05-11f8-4f25-a7e0-a1fa9c190374 (string)

state : PUBLISHED (string)

assignerShortName : MediaTek (string)

dateReserved : 2023-05-16T03:04:32.158Z (string)

datePublished : 2023-12-04T03:45:52.054Z (string)

dateUpdated : 2024-08-02T15:32:46.674Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : ee979b05-11f8-4f25-a7e0-a1fa9c190374 (string)

shortName : MediaTek (string)

dateUpdated : 2023-12-04T03:45:52.054Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08240132; Issue ID: ALPS08240132. (string)

}

]

affected : [ »

0 : { »

vendor : MediaTek, Inc. (string)

product : MT6835, MT6879, MT6886, MT6895, MT6983, MT6985, MT8321, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798 (string)

versions : [ »

0 : { »

version : Android 12.0, 13.0 (string)

status : affected (string)

}

]

}

]

references : [ »

0 : { »

url : https://corp.mediatek.com/product-security-bulletin/December-2023 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : text (string)

lang : en (string)

description : Elevation of Privilege (string)

}

]

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T15:32:46.674Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://corp.mediatek.com/product-security-bulletin/December-2023 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

]

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*", "matchCriteriaId": "F120D280-287A-474F-9DC5-CBBC4B4C7237", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*", "matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", "matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08240132; Issue ID: ALPS08240132."}, {"lang": "es", "value": "En ril, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08240132; ID del problema: ALPS08240132."}], "id": "CVE-2023-32854", "lastModified": "2024-11-21T08:04:11.570", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-04T04:15:08.000", "references": [{"source": "security@mediatek.com", "tags": ["Vendor Advisory"], "url": "https://corp.mediatek.com/product-security-bulletin/December-2023"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://corp.mediatek.com/product-security-bulletin/December-2023"}], "sourceIdentifier": "security@mediatek.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:* (string)

matchCriteriaId : F120D280-287A-474F-9DC5-CBBC4B4C7237 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:* (string)

matchCriteriaId : 16820CAF-0A8A-45C8-B5A8-979EA0407389 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 19A63103-C708-48EC-B44D-5E465A6B79C5 (string)

vulnerable : false (boolean)

}

1 : { »

criteria : cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 704BE5CE-AE08-4432-A8B0-4C8BD62148AD (string)

vulnerable : false (boolean)

}

2 : { »

criteria : cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:* (string)

matchCriteriaId : AF3E2B84-DAFE-4E11-B23B-026F719475F5 (string)

vulnerable : false (boolean)

}

3 : { »

criteria : cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:* (string)

matchCriteriaId : E0CA45C9-7BFE-4C93-B2AF-B86501F763AB (string)

vulnerable : false (boolean)

}

4 : { »

criteria : cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:* (string)

matchCriteriaId : EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000 (string)

vulnerable : false (boolean)

}

5 : { »

criteria : cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:* (string)

matchCriteriaId : EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE (string)

vulnerable : false (boolean)

}

6 : { »

criteria : cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 793B7F88-79E7-4031-8AD0-35C9BFD073C4 (string)

vulnerable : false (boolean)

}

7 : { »

criteria : cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 2FE14B46-C1CA-465F-8578-059FA2ED30EB (string)

vulnerable : false (boolean)

}

8 : { »

criteria : cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 152F6606-FA23-4530-AA07-419866B74CB3 (string)

vulnerable : false (boolean)

}

9 : { »

criteria : cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 3AACF35D-27E0-49AF-A667-13585C8B8071 (string)

vulnerable : false (boolean)

}

10 : { »

criteria : cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:* (string)

matchCriteriaId : CE45F606-2E75-48BC-9D1B-99D504974CBF (string)

vulnerable : false (boolean)

}

11 : { »

criteria : cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA (string)

vulnerable : false (boolean)

}

12 : { »

criteria : cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 533284E5-C3AF-48D3-A287-993099DB2E41 (string)

vulnerable : false (boolean)

}

13 : { »

criteria : cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6 (string)

vulnerable : false (boolean)

}

14 : { »

criteria : cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:* (string)

matchCriteriaId : FE10C121-F2AD-43D2-8FF9-A6C197858220 (string)

vulnerable : false (boolean)

}

15 : { »

criteria : cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 1505AD53-987E-4328-8E1D-F5F1EC12B677 (string)

vulnerable : false (boolean)

}

16 : { »

criteria : cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 1BB05B1D-77C9-4E42-91AD-9F087413DC20 (string)

vulnerable : false (boolean)

}

17 : { »

criteria : cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 2B469BF4-5961-42E9-814B-1BE06D182E45 (string)

vulnerable : false (boolean)

}

18 : { »

criteria : cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 637CAAD2-DCC0-4F81-B781-5D0536844CA8 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08240132; Issue ID: ALPS08240132. (string)

}

1 : { »

lang : es (string)

value : En ril, existe una posible escritura fuera de los límites debido a una verificación de los límites faltantes. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS08240132; ID del problema: ALPS08240132. (string)

}

]

id : CVE-2023-32854 (string)

lastModified : 2024-11-21T08:04:11.570 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 6.7 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 0.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2023-12-04T04:15:08.000 (string)

references : [ »

0 : { »

source : security@mediatek.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://corp.mediatek.com/product-security-bulletin/December-2023 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://corp.mediatek.com/product-security-bulletin/December-2023 (string)

}

]

sourceIdentifier : security@mediatek.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-787 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object