Information Disclosure Vulnerability in MediaTek KeyInstall
CVE-2023-32876
Key Information:
- Vendor
MediaTek
- Vendor
- CVE Published:
- 2 January 2024
What is CVE-2023-32876?
The vulnerability in MediaTek's KeyInstall component arises from a missing bounds check, which could lead to local information disclosure. This issue allows unauthorized access to sensitive information within the system, requiring system execution privileges for exploitation. No user interaction is necessary, making the vulnerability particularly concerning for users relying on the affected product. MediaTek has issued a patch to address this issue, and users are strongly advised to update their systems to mitigate potential risks.
Affected Version(s)
MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798 Android 11.0, 12.0, 13.0