CVE-2023-32879 - Vulnerability Details

Vendors	Products
Google	Android
Mediatek	Mt6762 Mt6765 Mt6833 Mt6879 Mt6883 Mt6885 Mt6983 Mt8167 Mt8168 Mt8188 Mt8321 Mt8765 Mt8766 Mt8768 Mt8781 Mt8786 Mt8788 Mt8789 Mt8791t Mt8797 Mt8798

Link	Providers
https://corp.mediatek.com/product-security-bulletin/January-2024

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-32879", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "state": "PUBLISHED", "assignerShortName": "MediaTek", "dateReserved": "2023-05-16T03:04:32.172Z", "datePublished": "2024-01-02T02:49:47.082Z", "dateUpdated": "2024-08-02T15:32:46.553Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", "dateUpdated": "2024-01-02T02:49:47.082Z"}, "descriptions": [{"lang": "en", "value": "In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308064."}], "affected": [{"vendor": "MediaTek, Inc.", "product": "MT6762, MT6765, MT6833, MT6879, MT6883, MT6885, MT6983, MT8167, MT8168, MT8188, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798", "versions": [{"version": "Android 12.0, 13.0", "status": "affected"}]}], "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/January-2024"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Elevation of Privilege"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:32:46.553Z"}, "title": "CVE Program Container", "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/January-2024", "tags": ["x_transferred"]}]}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2023-32879 (string)

assignerOrgId : ee979b05-11f8-4f25-a7e0-a1fa9c190374 (string)

state : PUBLISHED (string)

assignerShortName : MediaTek (string)

dateReserved : 2023-05-16T03:04:32.172Z (string)

datePublished : 2024-01-02T02:49:47.082Z (string)

dateUpdated : 2024-08-02T15:32:46.553Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : ee979b05-11f8-4f25-a7e0-a1fa9c190374 (string)

shortName : MediaTek (string)

dateUpdated : 2024-01-02T02:49:47.082Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308064. (string)

}

]

affected : [ »

0 : { »

vendor : MediaTek, Inc. (string)

product : MT6762, MT6765, MT6833, MT6879, MT6883, MT6885, MT6983, MT8167, MT8168, MT8188, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798 (string)

versions : [ »

0 : { »

version : Android 12.0, 13.0 (string)

status : affected (string)

}

]

}

]

references : [ »

0 : { »

url : https://corp.mediatek.com/product-security-bulletin/January-2024 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : text (string)

lang : en (string)

description : Elevation of Privilege (string)

}

]

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T15:32:46.553Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://corp.mediatek.com/product-security-bulletin/January-2024 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

]

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", "matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308064."}, {"lang": "es", "value": "En battery, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08308070; ID del problema: ALPS08308064."}], "id": "CVE-2023-32879", "lastModified": "2024-11-21T08:04:15.503", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-02T03:15:08.077", "references": [{"source": "security@mediatek.com", "tags": ["Vendor Advisory"], "url": "https://corp.mediatek.com/product-security-bulletin/January-2024"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://corp.mediatek.com/product-security-bulletin/January-2024"}], "sourceIdentifier": "security@mediatek.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:* (string)

matchCriteriaId : F8FB8EE9-FC56-4D5E-AE55-A5967634740C (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 879FFD0C-9B38-4CAA-B057-1086D794D469 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:* (string)

matchCriteriaId : C445EB80-6021-4E26-B74E-1B4B6910CE48 (string)

vulnerable : false (boolean)

}

1 : { »

criteria : cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 43E779F6-F0A0-4153-9A1D-B715C3A2F80E (string)

vulnerable : false (boolean)

}

2 : { »

criteria : cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 9814939B-F05E-4870-90C0-7C0F6BAAEB39 (string)

vulnerable : false (boolean)

}

3 : { »

criteria : cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 704BE5CE-AE08-4432-A8B0-4C8BD62148AD (string)

vulnerable : false (boolean)

}

4 : { »

criteria : cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 15E2EC3F-9FB3-488B-B1C1-2793A416C755 (string)

vulnerable : false (boolean)

}

5 : { »

criteria : cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:* (string)

matchCriteriaId : DD64413C-C774-4C4F-9551-89E1AA9469EE (string)

vulnerable : false (boolean)

}

6 : { »

criteria : cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:* (string)

matchCriteriaId : EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000 (string)

vulnerable : false (boolean)

}

7 : { »

criteria : cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 3B5FE245-6346-4078-A3D0-E5F79BB636B8 (string)

vulnerable : false (boolean)

}

8 : { »

criteria : cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 3CE2FC35-716A-4706-97BA-5DB165041580 (string)

vulnerable : false (boolean)

}

9 : { »

criteria : cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:* (string)

matchCriteriaId : BA3D4A45-38EE-4125-AE67-89D1C707F95A (string)

vulnerable : false (boolean)

}

10 : { »

criteria : cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 793B7F88-79E7-4031-8AD0-35C9BFD073C4 (string)

vulnerable : false (boolean)

}

11 : { »

criteria : cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 3AACF35D-27E0-49AF-A667-13585C8B8071 (string)

vulnerable : false (boolean)

}

12 : { »

criteria : cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:* (string)

matchCriteriaId : CE45F606-2E75-48BC-9D1B-99D504974CBF (string)

vulnerable : false (boolean)

}

13 : { »

criteria : cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA (string)

vulnerable : false (boolean)

}

14 : { »

criteria : cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 533284E5-C3AF-48D3-A287-993099DB2E41 (string)

vulnerable : false (boolean)

}

15 : { »

criteria : cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6 (string)

vulnerable : false (boolean)

}

16 : { »

criteria : cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:* (string)

matchCriteriaId : FE10C121-F2AD-43D2-8FF9-A6C197858220 (string)

vulnerable : false (boolean)

}

17 : { »

criteria : cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 1505AD53-987E-4328-8E1D-F5F1EC12B677 (string)

vulnerable : false (boolean)

}

18 : { »

criteria : cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 1BB05B1D-77C9-4E42-91AD-9F087413DC20 (string)

vulnerable : false (boolean)

}

19 : { »

criteria : cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 2B469BF4-5961-42E9-814B-1BE06D182E45 (string)

vulnerable : false (boolean)

}

20 : { »

criteria : cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 637CAAD2-DCC0-4F81-B781-5D0536844CA8 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308064. (string)

}

1 : { »

lang : es (string)

value : En battery, existe una posible escritura fuera de los límites debido a una verificación de los límites faltantes. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS08308070; ID del problema: ALPS08308064. (string)

}

]

id : CVE-2023-32879 (string)

lastModified : 2024-11-21T08:04:15.503 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 6.7 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 0.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2024-01-02T03:15:08.077 (string)

references : [ »

0 : { »

source : security@mediatek.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://corp.mediatek.com/product-security-bulletin/January-2024 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://corp.mediatek.com/product-security-bulletin/January-2024 (string)

}

]

sourceIdentifier : security@mediatek.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-787 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object