Information Disclosure Vulnerability in MediaTek KeyInstall Component
CVE-2023-32875

4.4MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt6580, Mt6731, Mt6735, Mt6737, Mt6739, Mt6753, Mt6757, Mt6757c, Mt6757cd, Mt6757ch, Mt6761, Mt6762, Mt6763, Mt6765, Mt6768, Mt6769, Mt6771, Mt6779, Mt6781, Mt6785, Mt6789, Mt6833, Mt6835, Mt6853, Mt6853t, Mt6855, Mt6873, Mt6875, Mt6877, Mt6879, Mt6883, Mt6885, Mt6886, Mt6889, Mt6891, Mt6893, Mt6895, Mt6983, Mt6985, Mt8185, Mt8321, Mt8385, Mt8666, Mt8667, Mt8673, Mt8675, Mt8765, Mt8766, Mt8768, Mt8781, Mt8786, Mt8788, Mt8789, Mt8791, Mt8791t, Mt8797, Mt8798
Vendor: CVE Published:; 2 January 2024

Summary

The vulnerability in MediaTek’s keyInstall component results from a missing bounds check, enabling a potential information disclosure. This issue allows attackers to gain unauthorized access to sensitive data, requiring system execution privileges to exploit. The vulnerability does not necessitate user interaction, raising concerns for local information security. Affected systems should prioritize implementing the patch ID ALPS08308607 to mitigate this risk.

Affected Version(s)

MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798 Android 11.0, 12.0, 13.0

References

https://corp.mediatek.com/product-security-bulletin/Janua...

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 2, 2024
Vulnerability Reserved
May 16, 2023