Possible Permission Bypass in DA Product Could Lead to Local Escalation of Privilege
CVE-2023-32871
Key Information:
- Vendor
- MediaTek
- Vendor
- CVE Published:
- 6 May 2024
Summary
A permission bypass vulnerability has been identified in MediaTek's products caused by an incorrect status check mechanism. This flaw allows an attacker to escalate privileges locally without requiring additional execution privileges or user interaction. Such vulnerabilities pose risks as they could be exploited to increase the privileges of a user or process beyond intended limitations, potentially leading to unauthorized access and control over the affected systems. Users and organizations utilizing MediaTek's products are advised to apply the necessary security patch identified as ALPS08355514 to mitigate this risk.
Affected Version(s)
MT2737, MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6893, MT6895, MT6897, MT6980, MT6983, MT6985, MT6989, MT6990, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8755, MT8765, MT8766, MT8768, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798 Android 11.0, 12.0, 13.0, 14.0 / OpenWrt 19.07, 21.02 / Yocto 3.3, 4.0 / RDK-B 22Q3
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved