Out of Bounds Write Vulnerability in MediaTek Engineer Mode
CVE-2023-32883
Key Information:
- Vendor
- MediaTek
- Vendor
- CVE Published:
- 2 January 2024
Summary
In MediaTek's Engineer Mode, an out of bounds write vulnerability has been identified due to a missing bounds check. This flaw allows for local escalation of privileges, potentially granting malicious entities access to system execution privileges. Importantly, this vulnerability does not require user interaction for exploitation, making it a significant security concern. MediaTek has released a patch identified as ALPS08282249 to address this issue. It is crucial for users of affected MediaTek products to apply the latest updates to mitigate potential risks associated with this vulnerability.
Affected Version(s)
MT2713, MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798 Android 12.0, 13.0
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved