Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-20233

Summary
Assigner-google_android
Assigner Org ID-baff130e-b8d5-4e15-b3d3-c3cf5d5545c6
Published At-15 Jun, 2022 | 13:24
Updated At-03 Aug, 2024 | 02:02
Rejected At-
Credits

In param_find_digests_internal and related functions of the Titan-M source, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222472803References: N/A

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:google_android
Assigner Org ID:baff130e-b8d5-4e15-b3d3-c3cf5d5545c6
Published At:15 Jun, 2022 | 13:24
Updated At:03 Aug, 2024 | 02:02
Rejected At:
▼CVE Numbering Authority (CNA)

In param_find_digests_internal and related functions of the Titan-M source, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222472803References: N/A

Affected Products
Vendor
n/a
Product
Android
Versions
Affected
  • Android kernel
Problem Types
TypeCWE IDDescription
textN/AElevation of privilege
Type: text
CWE ID: N/A
Description: Elevation of privilege
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://source.android.com/security/bulletin/pixel/2022-06-01
x_refsource_MISC
Hyperlink: https://source.android.com/security/bulletin/pixel/2022-06-01
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://source.android.com/security/bulletin/pixel/2022-06-01
x_refsource_MISC
x_transferred
Hyperlink: https://source.android.com/security/bulletin/pixel/2022-06-01
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@android.com
Published At:15 Jun, 2022 | 14:15
Updated At:24 Jun, 2022 | 03:28

In param_find_digests_internal and related functions of the Titan-M source, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222472803References: N/A

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Google LLC
google
>>android>>-
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://source.android.com/security/bulletin/pixel/2022-06-01security@android.com
Vendor Advisory
Hyperlink: https://source.android.com/security/bulletin/pixel/2022-06-01
Source: security@android.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2861Records found
CVE-2021-39793
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.30%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:04
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-02||Apply updates per vendor instructions.

In kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210470189References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroidPixel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-13231
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.88%
||
7 Day CHG~0.00%
Published-12 Feb, 2018 | 19:00
Updated-17 Sep, 2024 | 02:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libmediadrm, there is an out-of-bounds write due to improper input validation. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-67962232.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-39814
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.31%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 16:11
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ppmp_validate_wsm of drm_fw.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216792660References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-13216
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.91% / 74.84%
||
7 Day CHG~0.00%
Published-12 Jan, 2018 | 23:00
Updated-16 Sep, 2024 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-66954097.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-13293
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.96%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 16:00
Updated-17 Sep, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the nfc_hci_cmd_received() function of core.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-62679701.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-6294
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.43%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 19:00
Updated-16 Sep, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before the 2018-06-05 security patch level, NVIDIA Tegra X1 TZ contains a possible out of bounds write due to missing bounds check which could lead to escalation of privilege from the kernel to the TZ. User interaction is not needed for exploitation. This issue is rated as high. Version: N/A. Android: A-69316825. Reference: N-CVE-2017-6294.

Action-Not Available
Vendor-Google LLCNVIDIA Corporation
Product-androidGPU Display Driver
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-6286
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.55%
||
7 Day CHG~0.00%
Published-12 Mar, 2018 | 13:00
Updated-16 Sep, 2024 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA libnvomx contains a possible out of bounds write due to a missing bounds check which could lead to local escalation of privilege. This issue is rated as high. Product: Android. Version: N/A. Android: A-64893247. Reference: N-CVE-2017-6286.

Action-Not Available
Vendor-Google LLCNVIDIA Corporation
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-39786
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.85%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-192551247

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-39718
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 2.43%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205035540References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-39721
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 2.43%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TBD of TBD, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195726151References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-39652
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.85%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:06
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In sec_ts_parsing_cmds of (TBD), there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194499021References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-39733
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.85%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In amcs_cdev_unlocked_ioctl of audiometrics.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-206128522References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-39719
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.85%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In lwis_top_register_io of lwis_device_top.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205995178References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-39683
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.21%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 19:11
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In copy_from_mbox of sss_ice_util.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-202003354References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-39632
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.32%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 19:11
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In inotify_cb of events.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-202159709

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-39731
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 2.43%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205036834References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-39729
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 2.43%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the TitanM chip, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-202006191References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-39685
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-1.10% / 77.11%
||
7 Day CHG+0.13%
Published-16 Mar, 2022 | 14:04
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210292376References: Upstream kernel

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-39650
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 2.43%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:05
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In (TBD) of (TBD), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-169763055References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32853
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.90%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 03:45
Updated-02 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In rpmb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648764; Issue ID: ALPS07648764.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6985mt6873mt6893mt6833mt6580mt6886mt6885mt6983mt6877mt6781mt8365mt6765mt6853mt6883mt6895mt6853tmt8168mt6789mt6835mt6739androidmt6761mt6889mt8321mt6768mt6785mt6879MT6580, MT6739, MT6761, MT6765, MT6768, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8168, MT8321, MT8365
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32811
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.95%
||
7 Day CHG~0.00%
Published-04 Sep, 2023 | 02:28
Updated-01 Oct, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In connectivity system driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929848; Issue ID: ALPS07929848.

Action-Not Available
Vendor-Google LLCMediaTek Inc.The Linux Foundation
Product-mt6855mt8175mt6873mt8188mt6833mt8673yoctomt8666mt6785mt6781mt8365mt8195mt6853mt8667mt8168mt6789mt6835androidiot_yoctomt6779mt2713MT2713, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT8168, MT8175, MT8188, MT8195, MT8365, MT8666, MT8667, MT8673androidiot_yoctoyocto
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2023-32877
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.83%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 02:49
Updated-17 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308070.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt8781mt6885mt8766mt6833mt8168mt6879mt8786mt6765mt8798mt8791tmt6983mt8789mt8765androidmt8188mt8797mt8321mt6762mt8788mt8768mt6883mt8167MT6762, MT6765, MT6833, MT6879, MT6883, MT6885, MT6983, MT8167, MT8168, MT8188, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32826
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.94%
||
7 Day CHG~0.00%
Published-02 Oct, 2023 | 02:05
Updated-21 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993539; Issue ID: ALPS07993544.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt8175mt8765mt8675mt6886mt8395mt8788mt8791tmt6983mt8666mt8167mt8390mt8768mt8789mt8797mt8321mt8362amt8781mt8766mt8786mt6985mt8167smt8188mt8385mt8673mt6989mt8365mt8195mt6895mt8168mt8798androidmt8185mt8791mt6879mt8173MT6879, MT6886, MT6895, MT6983, MT6985, MT6989, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798mt8175mt8765mt8675mt6886mt8395mt8788mt8791tmt6983mt8666mt8167mt8390mt8768mt8789mt8797mt8321mt8362amt8781mt8766mt8786mt6985mt8167smt8188mt8385mt8673mt6989mt8365mt8195mt6895mt8168mt8798androidmt8185mt8791mt6879mt8173
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2023-32822
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.50%
||
7 Day CHG~0.00%
Published-02 Oct, 2023 | 02:05
Updated-23 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ftm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07994229; Issue ID: ALPS07994229.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt8175mt6893mt8765mt6886mt8788mt8167mt6765mt6891mt6883mt8390mt6835mt6739mt8768mt8789mt6769mt6761mt8797mt6889mt8321mt6768mt8362amt8781mt8766mt8786mt6985mt8167smt6771mt8188mt8385mt6833mt6885mt6877mt6762mt6781mt8365mt8195mt6895mt8168mt8798androidmt8791mt6779mt2713mt6879MT2713, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6833, MT6835, MT6855, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6985, MT8167, MT8167S, MT8168, MT8175, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8797, MT8798mt6855mt8175mt6893mt8765mt6886mt8788mt8167mt6765mt6891mt6883mt8390mt6835mt6739mt8768mt8789mt6769mt6761mt8797mt6889mt8321mt6768mt8362amt8781mt8766mt8786mt6985mt8167smt6771mt8188mt8385mt6833mt6885mt6877mt6762mt6781mt8365mt8195mt6895mt8168mt8798androidmt8791mt6779mt2713mt6879
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32838
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.23%
||
7 Day CHG~0.00%
Published-06 Nov, 2023 | 03:50
Updated-05 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310805; Issue ID: ALPS07310805.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6895mt8390mt8798mt8188androidmt8395mt8673mt6983mt2713mt8195MT2713, MT6895, MT6983, MT8188, MT8195, MT8390, MT8395, MT8673, MT8798mt6895mt8390mt8798mt8188androidmt8395mt8673mt6983mt2713mt8195
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32883
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.74%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 02:49
Updated-03 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08282249; Issue ID: ALPS08282249.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6873mt6985mt8175mt8765mt2713mt8321mt6765mt6580mt8362amt8167smt6785mt8667mt6855mt6893mt8797mt6889mt6853mt6768mt8798mt6875mt6739mt6879mt6779mt6891mt8673mt6983mt8766mt8768mt8791tmt6781mt8789mt6877mt6853tmt8195mt8788mt6769mt6886mt8168mt8167mt8390mt8666mt8385mt6835mt6762mt8781mt8786mt6789mt8365androidmt8173mt8188mt8395mt6883mt6761mt6833mt6895mt6885MT2713, MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32827
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.94%
||
7 Day CHG~0.00%
Published-02 Oct, 2023 | 02:05
Updated-21 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993539; Issue ID: ALPS07993539.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt8175mt8765mt8675mt6886mt8395mt8788mt8791tmt6983mt8666mt8167mt8390mt8768mt8789mt8797mt8321mt8362amt8781mt8766mt8786mt6985mt8167smt8188mt8385mt8673mt6989mt8365mt8195mt6895mt8168mt8798androidmt8185mt8791mt6879mt8173MT6879, MT6886, MT6895, MT6983, MT6985, MT6989, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798mt8175mt8765mt8675mt6886mt8395mt8788mt8791tmt6983mt8666mt8167mt8390mt8768mt8789mt8797mt8321mt8362amt8781mt8766mt8786mt6985mt8167smt8188mt8385mt8673mt6989mt8365mt8195mt6895mt8168mt8798androidmt8185mt8791mt6879mt8173
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2023-32839
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.40%
||
7 Day CHG~0.00%
Published-06 Nov, 2023 | 03:50
Updated-05 Sep, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262576; Issue ID: ALPS07262576.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6895mt8798mt8188androidmt8673mt6983mt2713mt8195MT2713, MT6895, MT6983, MT8188, MT8195, MT8673, MT8798mt6895mt8798mt8188androidmt8673mt6983mt2713mt8195
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32864
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.90%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 03:46
Updated-02 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display drm, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292187; Issue ID: ALPS07292187.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6985mt6873mt6893mt6833mt6886mt6885mt6983mt6877mt6781mt6765mt8195mt6853mt6883mt6895mt8168mt6789mt6835androidmt6761mt6889mt6768mt6779mt6785mt8781mt6879MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8168, MT8195, MT8781
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32879
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.83%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 02:49
Updated-18 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308064.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt8765mt6765mt8797mt6983androidmt8791tmt8789mt8768mt6833mt8798mt8168mt6885mt6883mt8766mt6879mt8321mt8786mt6762mt8781mt8167mt8188mt8788MT6762, MT6765, MT6833, MT6879, MT6883, MT6885, MT6983, MT8167, MT8168, MT8188, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32868
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.90%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 03:46
Updated-02 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363632; Issue ID: ALPS07363632.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6985mt6873mt6893mt8188mt6833mt6886mt6885mt8673mt6983mt6877mt6781mt6765mt8195mt6853mt6883mt6895mt6789mt6835androidmt6761mt6889mt6768mt6779mt6785mt8781mt6879MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8188, MT8195, MT8673, MT8781
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32867
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 5.76%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 03:46
Updated-02 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560793; Issue ID: ALPS07560793.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6985mt6873mt6893mt8188mt6833mt6886mt6885mt8673mt6983mt6877mt6781mt6765mt8195mt6853mt6883mt6895mt6789mt6835androidmt6761mt6889mt6768mt6779mt6785mt8781mt6879MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8188, MT8195, MT8673, MT8781
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32882
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.55%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 02:49
Updated-18 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In battery, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308616.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt8765mt6765mt8797mt6983androidmt8791tmt8789mt8768mt6833mt8798mt8168mt6885mt6883mt8766mt6879mt8321mt8786mt6762mt8781mt8167mt8188mt8788MT6762, MT6765, MT6833, MT6879, MT6883, MT6885, MT6983, MT8167, MT8168, MT8188, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32821
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.00% / 0.15%
||
7 Day CHG~0.00%
Published-02 Oct, 2023 | 02:05
Updated-23 Sep, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In video, there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08013430; Issue ID: ALPS08013433.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6873mt6771androidmt6885mt6761mt6768mt6779mt6785mt6765mt6763mt6853MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6853, MT6873, MT6885mt6873mt6771mt6885mt6761mt6768mt6779mt6785mt6765mt6763mt6853
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32872
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.67%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 02:49
Updated-03 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issue ID: ALPS08308607.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6873mt6771mt6985mt6757cdmt8765mt8185mt8321mt6763mt6580mt6765mt6757mt6735mt6757chmt6785mt8667mt6855mt6893mt8797mt6889mt6757cmt6753mt6853mt8791mt6768mt8798mt6875mt6739mt6879mt6779mt6891mt8673mt6983mt8766mt8768mt8791tmt6781mt8789mt6877mt6853tmt8788mt6769mt6886mt8666mt8385mt6835mt6762mt8781mt8786mt6789mt6731androidmt6883mt8675mt6761mt6833mt6895mt6885mt6737MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32891
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 2.08%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 02:50
Updated-18 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In bluetooth service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07933038; Issue ID: MSV-559.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6983zmt6983wmt6781lr13mt6895tmt6980dmt6891mt6783mt6855mt6833mt6890mt6853tmt6873mt6880mt6985mt6835mt6833pmt6883mt6779nr15mt6875mt6989mt6886mt6983tmt2735mt6985tmt6877androidnr16mt6785mt6785tmt6853mt6893mt6885mt6878mt6897nr17mt6980mt6879mt6896mt6877tmt6895mt6990mt6813mt6889mt6789MT2713, MT6739, MT6761, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6983, MT6985, MT6989, MT8167, MT8167S, MT8173, MT8175, MT8188, MT8195, MT8321, MT8365, MT8370, MT8385, MT8390, MT8395, MT8765, MT8766, MT8768, MT8786, MT8797, MT8798
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32830
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.46%
||
7 Day CHG~0.00%
Published-02 Oct, 2023 | 02:05
Updated-21 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03802522; Issue ID: DTV03802522.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt5680mt9631mt9011mt9688mt9660mt9012mt5695mt9667mt9221mt9670mt5835mt9653mt9216mt9931mt9970mt9633mt9222mt9652mt5670mt9266mt9255mt5815mt9016mt9256mt9610mt9980mt9675mt9666mt9285mt5816mt9632mt9020mt5895mt5527mt5833mt9686mt5691mt9900mt9950mt9901mt9615mt9022mt9617mt9215mt9636mt5598mt5583mt9021mt9629mt9639mt9269mt9612mt9638mt9981mt9669mt9600mt9650mt9286mt9969mt9671mt5806mt9685mt9613mt9010mt9602androidmt9679mt5813mt9630mt5599mt9649MT5527, MT5583, MT5598, MT5599, MT5670, MT5680, MT5691, MT5695, MT5806, MT5813, MT5815, MT5816, MT5833, MT5835, MT5895, MT9010, MT9011, MT9012, MT9016, MT9020, MT9021, MT9022, MT9215, MT9216, MT9221, MT9222, MT9255, MT9256, MT9266, MT9269, MT9285, MT9286, MT9600, MT9602, MT9610, MT9612, MT9613, MT9615, MT9617, MT9629, MT9630, MT9631, MT9632, MT9633, MT9636, MT9638, MT9639, MT9649, MT9650, MT9652, MT9653, MT9660, MT9666, MT9667, MT9669, MT9670, MT9671, MT9675, MT9679, MT9685, MT9686, MT9688, MT9900, MT9901, MT9931, MT9950, MT9969, MT9970, MT9980, MT9981mt5680mt9631mt9011mt9688mt9660mt9012mt5695mt9667mt9221mt9670mt5835mt9653mt9216mt9931mt9970mt9633mt9222mt9652mt5670mt9266mt9255mt9016mt5815mt9256mt9610mt9980mt9675mt9666mt9285mt5816mt9632mt9020mt5895mt5527mt5833mt9686mt5691mt9900mt9950mt9901mt9615mt9022mt9617mt9215mt9636mt5598mt5583mt9021mt9629mt9639mt9269mt9612mt9638mt9981mt9669mt9600mt9650mt9286mt9969mt9671mt5806mt9685mt9613mt9010mt9602androidmt9679mt5813mt9630mt5599mt9649
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32812
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.40%
||
7 Day CHG~0.00%
Published-04 Sep, 2023 | 02:28
Updated-21 Oct, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local esclation of privileges with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017365; Issue ID: ALPS08017365.

Action-Not Available
Vendor-MediaTek Inc.Google LLCOpenWrtThe Linux Foundation
Product-mt6855mt6990mt8175mt6873mt2735mt6580mt6886mt6983mt6765mt6883mt6853topenwrtmt6835mt6739mt6880mt6761mt2713mt6889mt6768mt6985mt6890mt8188mt6833mt6885yoctomt6877mt6855tmt6781mt8365mt8195mt6853mt6980mt6895mt8168mt6789androidmt6779mt6785mt6879MT2713, MT2735, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6895, MT6980, MT6983, MT6985, MT6990, MT8168, MT8175, MT8188, MT8195, MT8365mt8365
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32849
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 5.36%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 03:45
Updated-02 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In cmdq, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161758; Issue ID: ALPS08161758.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6873mt6893mt8765mt6833mt6885mt8788mt8791tmt6781mt6853mt8798mt8768mt8781androidmt8797mt6889mt8791mt6785mt8786mt8766MT6781, MT6785, MT6833, MT6853, MT6873, MT6885, MT6889, MT6893, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8791, MT8791T, MT8797, MT8798
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32873
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 3.67%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 02:51
Updated-13 Mar, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08583919; Issue ID: ALPS08304227.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6895mt8755mt6765mt8791tmt8788mt8768mt8385mt6893mt8786mt6761androidmt8789mt8766mt8781mt8771mt8321mt6833mt8792mt8765mt6768mt6983mt6855mt8796mt8795tmt6853MT6761, MT6765, MT6768, MT6833, MT6853, MT6855, MT6893, MT6895, MT6983, MT8321, MT8385, MT8755, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8792, MT8795T, MT8796mt6895mt8755mt6765mt8791tmt8788mt8768mt8385mt6893mt8786mt6761mt8789mt8766mt8781mt8771mt8321mt6833mt8792mt8765mt6768mt6983mt6855mt8796mt8795tmt6853
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32806
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.90%
||
7 Day CHG~0.00%
Published-04 Sep, 2023 | 02:28
Updated-21 Oct, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441589; Issue ID: ALPS07441589.

Action-Not Available
Vendor-MediaTek Inc.Google LLCOpenWrtThe Linux Foundation
Product-mt6855mt6990mt6873mt6893mt6886mt8791tmt6983mt6891mt6883mt6853topenwrtmt8768mt8789mt6875mt8797mt6889mt8781mt8766mt8786mt6985mt6833mt6885mt8673yoctomt6877mt6781mt8365mt6853mt6895mt8168androidiot_yoctomt6879MT6781, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT6990, MT8168, MT8365, MT8673, MT8766, MT8768, MT8781, MT8786, MT8789, MT8791T, MT8797mt8797
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32848
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.25%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 03:45
Updated-17 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896; Issue ID: ALPS08163896.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6873mt6771androidmt6885mt6761mt6768mt6779mt6785mt6765mt6763mt6853MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6853, MT6873, MT6885mt6885
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32866
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.90%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 03:46
Updated-02 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In mmp, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07342152; Issue ID: ALPS07342152.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6985mt6873mt6893mt8188mt6833mt6886mt6885mt6983mt6877mt6781mt6765mt8195mt6853mt6883mt6895mt6789mt6835androidmt6761mt6889mt6768mt6779mt6785mt8781mt6879MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8188, MT8195, MT8781
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-13217
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.29%
||
7 Day CHG~0.00%
Published-12 Jan, 2018 | 23:00
Updated-16 Sep, 2024 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In DisplayFtmItem in the bootloader, there is an out-of-bounds write due to reading a string without verifying that it's null-terminated. This could lead to a secure boot bypass and a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-68269077.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-13180
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.77%
||
7 Day CHG~0.00%
Published-12 Jan, 2018 | 23:00
Updated-16 Sep, 2024 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the onQueueFilled function of SoftAVCDec, there is a possible out-of-bounds write due to a use after free if a bad header causes the decoder to get caught in a loop while another thread frees the memory it's accessing. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969349.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32854
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.90%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 03:45
Updated-29 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08240132; Issue ID: ALPS08240132.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt8781mt8786mt8321mt8667mt8788mt8765mt6985mt8673mt6835mt6879mt8766mt6886mt6895mt8789mt8797mt6983mt8791tmt8798mt8768androidMT6835, MT6879, MT6886, MT6895, MT6983, MT6985, MT8321, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32865
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 5.76%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 03:46
Updated-28 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display drm, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363456; Issue ID: ALPS07363456.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6985mt6873mt6893mt6833mt6886mt6885mt6983mt6877mt6781mt6765mt6853mt6883mt6895mt8168mt6789mt6835androidmt6761mt6889mt6768mt6779mt6785mt8781mt6879MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8168, MT8781mt6855mt6985mt6873mt6893mt6833mt6886mt6885mt6983mt6877mt6781mt6765mt6853mt6883mt6895mt8168mt6789mt6835mt6761mt6889mt6768mt6779mt6785mt8781mt6879
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-13210
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.64%
||
7 Day CHG~0.00%
Published-12 Jan, 2018 | 23:00
Updated-16 Sep, 2024 | 21:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In CameraDeviceClient::submitRequestList of CameraDeviceClient.cpp, there is an out-of-bounds write if metadataSize is too small. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67782345.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32869
Matching Score-10
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-10
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.90%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 03:46
Updated-02 Dec, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363632; Issue ID: ALPS07363689.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6985mt6873mt6893mt8188mt6833mt6886mt6885mt8673mt6983mt6877mt6781mt6765mt8195mt6853mt6883mt6895mt6789mt6835androidmt6761mt6889mt6768mt6779mt6785mt8781mt6879MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8188, MT8195, MT8673, MT8781
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2217
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.57%
||
7 Day CHG~0.00%
Published-06 Dec, 2019 | 22:40
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141003796

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 57
  • 58
  • Next
Details not found