The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT, Wi-Fi, TV and Audio chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.
The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).
The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).
Summary
Details
| CVE | CVE-2023-20820 |
|---|---|
| Title | Improper input validation in wlan service |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In wlan service, there is a possible command injection due to improper input validation. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6890, MT7603, MT7612, MT7613, MT7615, MT7622, MT7626, MT7629, MT7915, MT7916, MT7981, MT7986, MT7990 |
| Affected Software Versions | OpenWRT 19.07, 21.02 |
| CVE | CVE-2023-20821 |
|---|---|
| Title | Improper input validation in nvram |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2713, MT2735, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797 |
| Affected Software Versions | Android 11.0, 12.0, 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3 |
| CVE | CVE-2023-20822 |
|---|---|
| Title | Improper input validation in netdagent |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In netdagent, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT8167, MT8167S, MT8168, MT8175, MT8195, MT8195Z, MT8362A |
| Affected Software Versions | Android 12.0, 13.0 |
| CVE | CVE-2023-20823 |
|---|---|
| Title | Improper input validation in cmdq |
| Severity | Medium |
| Vulnerability Type | DoS |
| CWE | CWE-20 Improper Input Validation |
| Description | In cmdq, there is a possible out of bounds read due to an incorrect status check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6768, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8797 |
| Affected Software Versions | Android 12.0, 13.0 |
| CVE | CVE-2023-20824 |
|---|---|
| Title | Improper input validation in duraspeed |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-20 Improper Input Validation |
| Description | In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2713, MT6580, MT6735, MT6739, MT6761, MT6762, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8168, MT8175, MT8188, MT8195, MT8321, MT8365, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8791T, MT8797 |
| Affected Software Versions | Android 12.0, 13.0 |
| CVE | CVE-2023-20825 |
|---|---|
| Title | Improper input validation in duraspeed |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-20 Improper Input Validation |
| Description | In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2713, MT6580, MT6735, MT6739, MT6761, MT6762, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8168, MT8175, MT8188, MT8195, MT8321, MT8365, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8791T, MT8797 |
| Affected Software Versions | Android 12.0, 13.0 |
| CVE | CVE-2023-20826 |
|---|---|
| Title | Improper input validation in cta |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-20 Improper Input Validation |
| Description | In cta, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6761, MT6765, MT6779, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6895, MT6983, MT6985, MT8168, MT8175, MT8188, MT8195, MT8365, MT8673 |
| Affected Software Versions | Android 12.0, 13.0 |
| CVE | CVE-2023-20827 |
|---|---|
| Title | Improper synchronization in ims service |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-662 Improper Synchronization |
| Description | In ims service, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6761, MT6762, MT6763, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8673, MT8791T, MT8797 |
| Affected Software Versions | Android 12.0, 13.0 |
| CVE | CVE-2023-20828 |
|---|---|
| Title | Improper input validation in gps |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2735, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8167, MT8167S, MT8168, MT8175, MT8362A, MT8365 |
| Affected Software Versions | Android 12.0, 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3 |
| CVE | CVE-2023-20829 |
|---|---|
| Title | Improper input validation in gps |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2735, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8167, MT8167S, MT8168, MT8175, MT8362A, MT8365 |
| Affected Software Versions | Android 12.0, 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3 |
| CVE | CVE-2023-20830 |
|---|---|
| Title | Improper input validation in gps |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2713, MT2735, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8167, MT8167S, MT8168, MT8173, MT8195, MT8362A, MT8365, MT8781 |
| Affected Software Versions | Android 12.0, 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3 |
| CVE | CVE-2023-20831 |
|---|---|
| Title | Improper input validation in gps |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2735, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8167, MT8167S, MT8175, MT8195, MT8362A, MT8365 |
| Affected Software Versions | Android 12.0, 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3 |
| CVE | CVE-2023-20832 |
|---|---|
| Title | Improper input validation in gps |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2735, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8167, MT8167S, MT8168, MT8175, MT8195, MT8362A, MT8365 |
| Affected Software Versions | Android 12.0, 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3 |
| CVE | CVE-2023-20833 |
|---|---|
| Title | Improper input validation in keyinstall |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-20 Improper Input Validation |
| Description | In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797 |
| Affected Software Versions | Android 12.0, 13.0 |
| CVE | CVE-2023-20834 |
|---|---|
| Title | Use after free in pda |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-416 Use After Free |
| Description | In pda, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6879, MT6886, MT6895, MT6983, MT6985, MT8175, MT8188, MT8195, MT8365, MT8781 |
| Affected Software Versions | Android 12.0, 13.0 |
| CVE | CVE-2023-20835 |
|---|---|
| Title | Use after free in camsys |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-416 Use After Free |
| Description | In camsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6895, MT6983, MT8188, MT8195, MT8395, MT8781 |
| Affected Software Versions | Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0) |
| CVE | CVE-2023-20836 |
|---|---|
| Title | Out-of-bounds read in camsys |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In camsys, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6762, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6877, MT6885, MT6893, MT8768, MT8788 |
| Affected Software Versions | Android 11.0, 12.0, 13.0 |
| CVE | CVE-2023-20837 |
|---|---|
| Title | Out-of-bounds write in seninf |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-787 Out-of-bounds Write |
| Description | In seninf, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6877, MT6885, MT6893, MT8185, MT8385, MT8781, MT8788, MT8789, MT8797 |
| Affected Software Versions | Android 12.0, 13.0 |
| CVE | CVE-2023-20838 |
|---|---|
| Title | Out-of-bounds read in imgsys |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In imgsys, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. |
| Affected Chipsets | MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8673 |
| Affected Software Versions | Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
| CVE | CVE-2023-20839 |
|---|---|
| Title | Out-of-bounds read in imgsys |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. |
| Affected Chipsets | MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8673 |
| Affected Software Versions | Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
| CVE | CVE-2023-20840 |
|---|---|
| Title | Out-of-bounds write in imgsys |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-787 Out-of-bounds Write |
| Description | In imgsys, there is a possible out of bounds read and write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. |
| Affected Chipsets | MT6895, MT6897, MT6983, MT8188, MT8195, MT8395 |
| Affected Software Versions | Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
| CVE | CVE-2023-20841 |
|---|---|
| Title | Buffer copy without checking size of input ('classic buffer overflow') in imgsys |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
| Description | In imgsys, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. |
| Affected Chipsets | MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8673 |
| Affected Software Versions | Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
| CVE | CVE-2023-20842 |
|---|---|
| Title | Improper input validation in imgsys_cmdq |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 improper input validation |
| Description | In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. |
| Affected Chipsets | MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781 |
| Affected Software Versions | Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
| CVE | CVE-2023-20843 |
|---|---|
| Title | Improper input validation in imgsys_cmdq |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-20 improper input validation |
| Description | In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. |
| Affected Chipsets | MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781 |
| Affected Software Versions | Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
| CVE | CVE-2023-20844 |
|---|---|
| Title | Out-of-bounds read in imgsys_cmdq |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. |
| Affected Chipsets | MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781 |
| Affected Software Versions | Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
| CVE | CVE-2023-20845 |
|---|---|
| Title | Improper input validation in imgsys |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-20 improper input validation |
| Description | In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. |
| Affected Chipsets | MT6895, MT6897, MT6983, MT8188, MT8195, MT8395 |
| Affected Software Versions | Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
| CVE | CVE-2023-20846 |
|---|---|
| Title | Out-of-bounds read in imgsys_cmdq |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. |
| Affected Chipsets | MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781 |
| Affected Software Versions | Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
| CVE | CVE-2023-20847 |
|---|---|
| Title | Improper input validation in imgsys_cmdq |
| Severity | Medium |
| Vulnerability Type | DoS |
| CWE | CWE-20 improper input validation |
| Description | In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local denial of service with System execution privileges needed. User interaction is needed for exploitation. |
| Affected Chipsets | MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781 |
| Affected Software Versions | Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
| CVE | CVE-2023-20848 |
|---|---|
| Title | Improper input validation in imgsys_cmdq |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 improper input validation |
| Description | In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. |
| Affected Chipsets | MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781 |
| Affected Software Versions | Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
| CVE | CVE-2023-20849 |
|---|---|
| Title | Uaf in imgsys_cmdq |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-416 UAF |
| Description | In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. |
| Affected Chipsets | MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781 |
| Affected Software Versions | Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
| CVE | CVE-2023-20850 |
|---|---|
| Title | Out-of-bounds write in imgsys_cmdq |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-787 Out-of-bounds Write |
| Description | In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. |
| Affected Chipsets | MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781 |
| Affected Software Versions | Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0 |
| CVE | CVE-2023-20851 |
|---|---|
| Title | Out-of-bounds read in stc |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In stc, there is a possible out of bounds read due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. |
| Affected Chipsets | MT8188 |
| Affected Software Versions | Android 11.0, 13.0 |
| CVE | CVE-2023-32805 |
|---|---|
| Title | Out-of-bounds write in power |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-787 Out-of-bounds Write |
| Description | In power, there is a possible out of bounds write due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. |
| Affected Chipsets | MT8168, MT8675 |
| Affected Software Versions | Android 11.0, 12.0 |
| CVE | CVE-2023-32806 |
|---|---|
| Title | Improper input validation in wlan driver |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6781, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT6990, MT8168, MT8365, MT8673, MT8766, MT8768, MT8781, MT8786, MT8789, MT8791T, MT8797 |
| Affected Software Versions | Android 12.0, 13.0 / OpenWrt 21.02 / Yocto 4.0 / IOT-v23.0 |
| CVE | CVE-2023-32807 |
|---|---|
| Title | Improper input validation in connectivity system driver |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In wlan service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT8167, MT8168, MT8173, MT8183, MT8321, MT8365, MT8385, MT8666, MT8667, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788 |
| Affected Software Versions | Android 13.0 / IOT-v23.0 (Yocto 4.0) |
| CVE | CVE-2023-32808 |
|---|---|
| Title | Improper access control for register interface in bluetooth driver |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-1262 Improper Access Control for Register Interface |
| Description | In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2713, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT8168, MT8175, MT8188, MT8195, MT8365, MT8666, MT8667, MT8673, MT8781, MT8781WIFI, MT8791, MT8791T, MT8791WIFI, MT8797, MT8797WIFI |
| Affected Software Versions | Android 13.0 |
| CVE | CVE-2023-32809 |
|---|---|
| Title | Improper access control for register interface in bluetooth driver |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-1262 Improper Access Control for Register Interface |
| Description | In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2713, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT8168, MT8175, MT8188, MT8195, MT8365, MT8666, MT8667, MT8673, MT8781, MT8781WIFI, MT8791, MT8791T, MT8791WIFI, MT8797, MT8797WIFI |
| Affected Software Versions | Android 13.0 |
| CVE | CVE-2023-32810 |
|---|---|
| Title | Improper input validation in bluetooth driver |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-20 Improper Input Validation |
| Description | In bluetooth driver, there is a possible out of bounds read due to improper input validation. This could lead to local information leak with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2713, MT5221, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6890, MT6893, MT6895, MT6983, MT8167, MT8168, MT8173, MT8175, MT8185, MT8188, MT8188T, MT8195, MT8321, MT8365, MT8385, MT8518S, MT8532, MT8666, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797 |
| Affected Software Versions | Android 12.0, 13.0 / RDK-B 22Q3 / Linux4.19 / Yocto 3.1, 3.3, 4.0 |
| CVE | CVE-2023-32811 |
|---|---|
| Title | Improper input validation in connectivity system driver |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In connectivity system driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2713, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT8168, MT8175, MT8188, MT8195, MT8365, MT8666, MT8667, MT8673 |
| Affected Software Versions | Android 12.0, 13.0 / IOT-v23.0 / Yocto 4.0 |
| CVE | CVE-2023-32812 |
|---|---|
| Title | Improper input validation in gnss service |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local esclation of privileges with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2713, MT2735, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6895, MT6980, MT6983, MT6985, MT6990, MT8168, MT8175, MT8188, MT8195, MT8365 |
| Affected Software Versions | Android 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3 |
| CVE | CVE-2023-32813 |
|---|---|
| Title | Improper input validation in gnss service |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2713, MT2735, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6895, MT6980, MT6983, MT6985, MT6990, MT8168, MT8175, MT8188, MT8195, MT8365, MT8666, MT8667, MT8673 |
| Affected Software Versions | Android 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3 |
| CVE | CVE-2023-32814 |
|---|---|
| Title | Improper input validation in gnss service |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2713, MT2735, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6895, MT6980, MT6983, MT6985, MT6990, MT8168, MT8175, MT8188, MT8195, MT8365, MT8666, MT8667, MT8673 |
| Affected Software Versions | Android 13.0 |
| CVE | CVE-2023-32815 |
|---|---|
| Title | Improper input validation in gnss service |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2713, MT2735, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6895, MT6980, MT6983, MT6985, MT6990, MT8168, MT8175, MT8188, MT8188T, MT8195, MT8365 |
| Affected Software Versions | Android 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3 |
| CVE | CVE-2023-32816 |
|---|---|
| Title | Improper input validation in gnss service |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2713, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6895, MT6983, MT6985, MT8168, MT8175, MT8188, MT8195, MT8365, MT8666, MT8667, MT8673 |
| Affected Software Versions | Android 13.0 |
| CVE | CVE-2023-32817 |
|---|---|
| Title | Improper input validation in gnss service |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2713, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6895, MT6983, MT6985, MT8168, MT8175, MT8188, MT8195, MT8365, MT8666, MT8667, MT8673 |
| Affected Software Versions | Android 13.0 |
Vulnerability Type Definition
| Abbreviation | Definition |
|---|---|
| RCE | Remote Code Execution |
| EoP | Elevation of Privilege |
| ID | Information Disclosure |
| DoS | Denial of Service |
| N/A | Classification not available |
Versions
| Version | Date | Description |
| 1.0 | September 4, 2023 | Bulletin published. |
Notes
Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.
If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.
If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.