Out of Bounds Read Vulnerability in MediaTek Bluetooth Service
CVE-2023-32825

5.5MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt2713, Mt6580, Mt6761, Mt6765, Mt6768, Mt6779, Mt6781, Mt6785, Mt6789, Mt6833, Mt6835, Mt6853, Mt6855, Mt6873, Mt6877, Mt6879, Mt6883, Mt6885, Mt6886, Mt6889, Mt6893, Mt6895, Mt6983, Mt6985, Mt7921, Mt8168, Mt8175, Mt8188, Mt8195, Mt8321, Mt8365, Mt8390, Mt8666, Mt8667, Mt8673, Mt8765, Mt8766, Mt8768, Mt8781, Mt8786, Mt8788, Mt8791t, Mt8797, Mt8798
Vendor: CVE Published:; 6 November 2023

Summary

The Bluetooth service in MediaTek devices is susceptible to an out of bounds read vulnerability caused by improper input validation. This flaw can potentially lead to local information disclosure, enabling unauthorized access to sensitive information without requiring additional execution privileges or user interaction. Users are advised to update to the patched version to mitigate any risks associated with this vulnerability. More information can be found in the official MediaTek security bulletin.

Affected Version(s)

MT2713, MT6580, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT7921, MT8168, MT8175, MT8188, MT8195, MT8321, MT8365, MT8390, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8791T, MT8797, MT8798 Android 13.0

References

https://corp.mediatek.com/product-security-bulletin/Novem...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 6, 2023
Vulnerability Reserved
May 16, 2023