Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-32624

Summary
Assigner-MediaTek
Assigner Org ID-ee979b05-11f8-4f25-a7e0-a1fa9c190374
Published At-05 Dec, 2022 | 00:00
Updated At-24 Apr, 2025 | 14:58
Rejected At-
Credits

In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405923; Issue ID: ALPS07405923.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:MediaTek
Assigner Org ID:ee979b05-11f8-4f25-a7e0-a1fa9c190374
Published At:05 Dec, 2022 | 00:00
Updated At:24 Apr, 2025 | 14:58
Rejected At:
▼CVE Numbering Authority (CNA)

In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405923; Issue ID: ALPS07405923.

Affected Products
Vendor
MediaTek Inc.MediaTek, Inc.
Product
MT6789, MT6855, MT6895, MT6983, MT8168, MT8365, MT8781
Versions
Affected
  • Android 11.0, 12.0
Problem Types
TypeCWE IDDescription
textN/AElevation of Privilege
Type: text
CWE ID: N/A
Description: Elevation of Privilege
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://corp.mediatek.com/product-security-bulletin/December-2022
N/A
Hyperlink: https://corp.mediatek.com/product-security-bulletin/December-2022
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://corp.mediatek.com/product-security-bulletin/December-2022
x_transferred
Hyperlink: https://corp.mediatek.com/product-security-bulletin/December-2022
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-131CWE-131 Incorrect Calculation of Buffer Size
Type: CWE
CWE ID: CWE-131
Description: CWE-131 Incorrect Calculation of Buffer Size
Metrics
VersionBase scoreBase severityVector
3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@mediatek.com
Published At:05 Dec, 2022 | 15:15
Updated At:24 Apr, 2025 | 15:15

In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405923; Issue ID: ALPS07405923.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Google LLC
google
>>android>>11.0
cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
Google LLC
google
>>android>>12.0
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6789>>-
cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6855>>-
cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6895>>-
cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6983>>-
cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt8168>>-
cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt8365>>-
cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt8781>>-
cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-131Primarynvd@nist.gov
CWE-131Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-131
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-131
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://corp.mediatek.com/product-security-bulletin/December-2022security@mediatek.com
Vendor Advisory
https://corp.mediatek.com/product-security-bulletin/December-2022af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://corp.mediatek.com/product-security-bulletin/December-2022
Source: security@mediatek.com
Resource:
Vendor Advisory
Hyperlink: https://corp.mediatek.com/product-security-bulletin/December-2022
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

693Records found
CVE-2023-35660
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.36%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 19:24
Updated-18 Sep, 2024 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In lwis_transaction_client_cleanup of lwis_transaction.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2022-26467
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.38%
||
7 Day CHG~0.00%
Published-06 Sep, 2022 | 17:19
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In rpmb, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07167738; Issue ID: ALPS07167738.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6873mt6893mt8675mt8765mt6580mt8788mt6983mt8666mt8183mt6765mt6737mt6883mt6853tmt6739mt8768mt6761mt8797mt6889mt8321mt6768mt8786mt6771mt8385mt6833mt6885mt6735mt6753mt6877mt6781mt8365mt6853mt6895mt8168androidmt6779mt6785mt6879MT6580, MT6735, MT6737, MT6739, MT6753, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8168, MT8183, MT8321, MT8365, MT8385, MT8666, MT8675, MT8765, MT8768, MT8786, MT8788, MT8797
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35654
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 5.02%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 19:21
Updated-18 Sep, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ctrl_roi of stmvl53l1_module.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-26457
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 2.03%
||
7 Day CHG~0.00%
Published-06 Sep, 2022 | 17:19
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In vow, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138490; Issue ID: ALPS07138490.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6893androidmt6833mt6769mt6877mt8797mt6983mt8791mt6785mt6781mt6879MT6769, MT6781, MT6785, MT6833, MT6855, MT6877, MT6879, MT6893, MT6983, MT8791, MT8797
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35693
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.28%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 23:56
Updated-01 Nov, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In incfs_kill_sb of fs/incfs/vfs.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2023-32848
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.24%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 03:45
Updated-17 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896; Issue ID: ALPS08163896.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6873mt6771androidmt6885mt6761mt6768mt6779mt6785mt6765mt6763mt6853MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6853, MT6873, MT6885mt6885
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32829
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.35%
||
7 Day CHG~0.00%
Published-02 Oct, 2023 | 02:05
Updated-21 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In apusys, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07713478; Issue ID: ALPS07713478.

Action-Not Available
Vendor-Google LLCMediaTek Inc.The Linux Foundation
Product-mt6896mt8137mt6879mt6985mt8188mt6886mt8395mt6983yoctomt8195mt6891mt6895mt8390androidiot_yoctomt8139mt8195zMT6879, MT6886, MT6891, MT6895, MT6896, MT6983, MT6985, MT8137, MT8139, MT8188, MT8195, MT8195Z, MT8390, MT8395mt6896mt8137mt6895mt6985mt8390mt8188androidmt6886mt8395mt6983mt8139mt8195mt8195zmt6879mt6891
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-32860
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 10.36%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 03:46
Updated-02 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible classic buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929788; Issue ID: ALPS07929788.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6985mt6873mt6893mt6833mt6886mt6885mt6983mt6877mt6781mt6765mt6853mt6883mt6895mt6789mt6835androidmt6761mt6889mt6768mt6779mt6785mt6879MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-32879
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.83%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 02:49
Updated-18 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308064.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt8765mt6765mt8797mt6983androidmt8791tmt8789mt8768mt6833mt8798mt8168mt6885mt6883mt8766mt6879mt8321mt8786mt6762mt8781mt8167mt8188mt8788MT6762, MT6765, MT6833, MT6879, MT6883, MT6885, MT6983, MT8167, MT8168, MT8188, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32883
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.72%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 02:49
Updated-03 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08282249; Issue ID: ALPS08282249.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6873mt6985mt8175mt8765mt2713mt8321mt6765mt6580mt8362amt8167smt6785mt8667mt6855mt6893mt8797mt6889mt6853mt6768mt8798mt6875mt6739mt6879mt6779mt6891mt8673mt6983mt8766mt8768mt8791tmt6781mt8789mt6877mt6853tmt8195mt8788mt6769mt6886mt8168mt8167mt8390mt8666mt8385mt6835mt6762mt8781mt8786mt6789mt8365androidmt8173mt8188mt8395mt6883mt6761mt6833mt6895mt6885MT2713, MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32826
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.92%
||
7 Day CHG~0.00%
Published-02 Oct, 2023 | 02:05
Updated-21 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993539; Issue ID: ALPS07993544.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt8175mt8765mt8675mt6886mt8395mt8788mt8791tmt6983mt8666mt8167mt8390mt8768mt8789mt8797mt8321mt8362amt8781mt8766mt8786mt6985mt8167smt8188mt8385mt8673mt6989mt8365mt8195mt6895mt8168mt8798androidmt8185mt8791mt6879mt8173MT6879, MT6886, MT6895, MT6983, MT6985, MT6989, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798mt8175mt8765mt8675mt6886mt8395mt8788mt8791tmt6983mt8666mt8167mt8390mt8768mt8789mt8797mt8321mt8362amt8781mt8766mt8786mt6985mt8167smt8188mt8385mt8673mt6989mt8365mt8195mt6895mt8168mt8798androidmt8185mt8791mt6879mt8173
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2023-32838
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.23%
||
7 Day CHG~0.00%
Published-06 Nov, 2023 | 03:50
Updated-05 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310805; Issue ID: ALPS07310805.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6895mt8390mt8798mt8188androidmt8395mt8673mt6983mt2713mt8195MT2713, MT6895, MT6983, MT8188, MT8195, MT8390, MT8395, MT8673, MT8798mt6895mt8390mt8798mt8188androidmt8395mt8673mt6983mt2713mt8195
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32884
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.72%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 02:49
Updated-03 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In netdagent, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944011; Issue ID: ALPS07944011.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6873mt6985mt8175mt8795tmt8765mt2713mt8321mt8696mt6765mt6580mt8362amt8167smt6785mt8667mt6855mt6893mt8797mt6889mt8791mt6853mt6768mt8798mt6739mt6879mt8192mt6779mt8673mt8766mt6983mt8768mt8791tmt6781mt8195zmt6877mt8195mt8788mt8789mt6886mt8168mt8167mt8666mt8385mt6835mt8781mt8786mt6789mt8365androidmt8871mt8173mt8188mt8775mt8395mt6883mt8771mt6761mt6833mt8755mt6895mt6885MT2713, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8188, MT8192, MT8195, MT8195Z, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8696, MT8755, MT8765, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8871
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-32861
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.36%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 03:46
Updated-02 Dec, 2024 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08059081; Issue ID: ALPS08059081.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6985mt6873mt6893mt8188mt6833mt6886mt6885mt8673mt6983mt6877mt6781mt8167mt6765mt8195mt6853mt6883mt6895mt8168mt6789mt6835androidmt6761mt6889mt6768mt6779mt6785mt6879MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8167, MT8168, MT8188, MT8195, MT8673
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-32830
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.45%
||
7 Day CHG~0.00%
Published-02 Oct, 2023 | 02:05
Updated-21 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03802522; Issue ID: DTV03802522.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt5680mt9631mt9011mt9688mt9660mt9012mt5695mt9667mt9221mt9670mt5835mt9653mt9216mt9931mt9970mt9633mt9222mt9652mt5670mt9266mt9255mt5815mt9016mt9256mt9610mt9980mt9675mt9666mt9285mt5816mt9632mt9020mt5895mt5527mt5833mt9686mt5691mt9900mt9950mt9901mt9615mt9022mt9617mt9215mt9636mt5598mt5583mt9021mt9629mt9639mt9269mt9612mt9638mt9981mt9669mt9600mt9650mt9286mt9969mt9671mt5806mt9685mt9613mt9010mt9602androidmt9679mt5813mt9630mt5599mt9649MT5527, MT5583, MT5598, MT5599, MT5670, MT5680, MT5691, MT5695, MT5806, MT5813, MT5815, MT5816, MT5833, MT5835, MT5895, MT9010, MT9011, MT9012, MT9016, MT9020, MT9021, MT9022, MT9215, MT9216, MT9221, MT9222, MT9255, MT9256, MT9266, MT9269, MT9285, MT9286, MT9600, MT9602, MT9610, MT9612, MT9613, MT9615, MT9617, MT9629, MT9630, MT9631, MT9632, MT9633, MT9636, MT9638, MT9639, MT9649, MT9650, MT9652, MT9653, MT9660, MT9666, MT9667, MT9669, MT9670, MT9671, MT9675, MT9679, MT9685, MT9686, MT9688, MT9900, MT9901, MT9931, MT9950, MT9969, MT9970, MT9980, MT9981mt5680mt9631mt9011mt9688mt9660mt9012mt5695mt9667mt9221mt9670mt5835mt9653mt9216mt9931mt9970mt9633mt9222mt9652mt5670mt9266mt9255mt9016mt5815mt9256mt9610mt9980mt9675mt9666mt9285mt5816mt9632mt9020mt5895mt5527mt5833mt9686mt5691mt9900mt9950mt9901mt9615mt9022mt9617mt9215mt9636mt5598mt5583mt9021mt9629mt9639mt9269mt9612mt9638mt9981mt9669mt9600mt9650mt9286mt9969mt9671mt5806mt9685mt9613mt9010mt9602androidmt9679mt5813mt9630mt5599mt9649
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32834
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.19%
||
7 Day CHG~0.00%
Published-06 Nov, 2023 | 03:50
Updated-29 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In secmem, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161762; Issue ID: ALPS08161762.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6739mt8786mt6753mt6855mt8789mt6785mt6580mt6853tmt8781mt6883mt6735mt6985mt8185mt6781mt8797mt6737mt8768mt8667androidmt6885mt6877mt8385mt6771mt6895mt8765mt6886mt8666mt8766mt6893mt6765mt6853mt6768mt6833mt6789mt8673mt8791tmt8798mt6761mt8321mt6983mt6889mt8675mt8791mt6873mt6779mt6879mt6835mt8788MT6580, MT6735, MT6737, MT6739, MT6753, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2023-32862
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.44%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 03:46
Updated-02 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388762; Issue ID: ALPS07388762.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6985mt6873mt6893mt8188mt6833mt6886mt6885mt6983mt6877mt6781mt6765mt8195mt6853mt6883mt6895mt8168mt6789mt6835androidmt6761mt6889mt6768mt6779mt6785mt8781mt6879MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8168, MT8188, MT8195, MT8781
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-32866
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.83%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 03:46
Updated-02 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In mmp, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07342152; Issue ID: ALPS07342152.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6985mt6873mt6893mt8188mt6833mt6886mt6885mt6983mt6877mt6781mt6765mt8195mt6853mt6883mt6895mt6789mt6835androidmt6761mt6889mt6768mt6779mt6785mt8781mt6879MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8188, MT8195, MT8781
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32872
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.65%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 02:49
Updated-03 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issue ID: ALPS08308607.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6873mt6771mt6985mt6757cdmt8765mt8185mt8321mt6763mt6580mt6765mt6757mt6735mt6757chmt6785mt8667mt6855mt6893mt8797mt6889mt6757cmt6753mt6853mt8791mt6768mt8798mt6875mt6739mt6879mt6779mt6891mt8673mt6983mt8766mt8768mt8791tmt6781mt8789mt6877mt6853tmt8788mt6769mt6886mt8666mt8385mt6835mt6762mt8781mt8786mt6789mt6731androidmt6883mt8675mt6761mt6833mt6895mt6885mt6737MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32822
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.49%
||
7 Day CHG~0.00%
Published-02 Oct, 2023 | 02:05
Updated-23 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ftm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07994229; Issue ID: ALPS07994229.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt8175mt6893mt8765mt6886mt8788mt8167mt6765mt6891mt6883mt8390mt6835mt6739mt8768mt8789mt6769mt6761mt8797mt6889mt8321mt6768mt8362amt8781mt8766mt8786mt6985mt8167smt6771mt8188mt8385mt6833mt6885mt6877mt6762mt6781mt8365mt8195mt6895mt8168mt8798androidmt8791mt6779mt2713mt6879MT2713, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6833, MT6835, MT6855, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6985, MT8167, MT8167S, MT8168, MT8175, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8797, MT8798mt6855mt8175mt6893mt8765mt6886mt8788mt8167mt6765mt6891mt6883mt8390mt6835mt6739mt8768mt8789mt6769mt6761mt8797mt6889mt8321mt6768mt8362amt8781mt8766mt8786mt6985mt8167smt6771mt8188mt8385mt6833mt6885mt6877mt6762mt6781mt8365mt8195mt6895mt8168mt8798androidmt8791mt6779mt2713mt6879
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32828
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.05%
||
7 Day CHG~0.00%
Published-02 Oct, 2023 | 02:05
Updated-21 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In vpu, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767817; Issue ID: ALPS07767817.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6873mt6893mt6771mt8188mt6885mt8395mt6877mt8183mt8195mt6891mt6853mt6853tmt8390androidiot_yoctomt6779mt6785MT6771, MT6779, MT6785, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6891, MT6893, MT8183, MT8188, MT8195, MT8390, MT8395mt6853tmt6873mt6893mt6771mt6891mt8188mt8390mt6885mt8395mt6877mt6779mt6785mt8183mt8195mt6853
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-32827
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.92%
||
7 Day CHG~0.00%
Published-02 Oct, 2023 | 02:05
Updated-21 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993539; Issue ID: ALPS07993539.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt8175mt8765mt8675mt6886mt8395mt8788mt8791tmt6983mt8666mt8167mt8390mt8768mt8789mt8797mt8321mt8362amt8781mt8766mt8786mt6985mt8167smt8188mt8385mt8673mt6989mt8365mt8195mt6895mt8168mt8798androidmt8185mt8791mt6879mt8173MT6879, MT6886, MT6895, MT6983, MT6985, MT6989, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798mt8175mt8765mt8675mt6886mt8395mt8788mt8791tmt6983mt8666mt8167mt8390mt8768mt8789mt8797mt8321mt8362amt8781mt8766mt8786mt6985mt8167smt8188mt8385mt8673mt6989mt8365mt8195mt6895mt8168mt8798androidmt8185mt8791mt6879mt8173
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2023-32853
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.83%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 03:45
Updated-02 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In rpmb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648764; Issue ID: ALPS07648764.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6985mt6873mt6893mt6833mt6580mt6886mt6885mt6983mt6877mt6781mt8365mt6765mt6853mt6883mt6895mt6853tmt8168mt6789mt6835mt6739androidmt6761mt6889mt8321mt6768mt6785mt6879MT6580, MT6739, MT6761, MT6765, MT6768, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8168, MT8321, MT8365
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9439
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.99%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 23:37
Updated-19 Dec, 2024 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In __unregister_prot_hook and packet_release of af_packet.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroidpixel
CWE ID-CWE-416
Use After Free
CVE-2018-9416
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-10||CRITICAL
EPSS-0.04% / 9.65%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 23:36
Updated-18 Dec, 2024 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In sg_remove_scat of scsi/sg.c, there is a possible memory corruption due to an unusual root cause. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroidpixel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9462
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.31%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 23:39
Updated-19 Dec, 2024 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In store_cmd of ftm4_pdc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroidpixel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-39733
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.83%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In amcs_cdev_unlocked_ioctl of audiometrics.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-206128522References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-39638
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 2.61%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:06
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In periodic_io_work_func of lwis_periodic_io.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195607566References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2018-9403
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.45%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 23:29
Updated-19 Dec, 2024 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the MTK_FLP_MSG_HAL_DIAG_REPORT_DATA_NTF handler of flp2hal_- interface.c, there is a possible stack buffer overflow due to a missing bounds check. This could lead to local escalation of privilege in a privileged process with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroidpixel
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9400
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.31%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 23:14
Updated-19 Dec, 2024 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In gt1x_debug_write_proc and gt1x_tool_write of drivers/input/touchscreen/mediatek/GT1151/gt1x_generic.c and gt1x_tools.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroidpixel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9394
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.31%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 17:19
Updated-18 Dec, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In mtk_p2p_wext_set_key of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_p2p.c, there is a possible OOB write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroidpixel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9395
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.31%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 17:20
Updated-18 Dec, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In mtk_cfg80211_vendor_packet_keep_alive_start and mtk_cfg80211_vendor_set_config of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_vendor.c, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroidpixel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-39721
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 2.40%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TBD of TBD, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195726151References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9386
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 5.81%
||
7 Day CHG~0.00%
Published-05 Dec, 2024 | 22:20
Updated-19 Dec, 2024 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In reboot_block_command of htc reboot_block driver, there is a possible stack buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9396
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.31%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 21:59
Updated-18 Dec, 2024 | 20:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroidpixel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9390
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.56%
||
7 Day CHG~0.00%
Published-05 Dec, 2024 | 22:23
Updated-19 Dec, 2024 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In procfile_write of gl_proc.c, there is a possible out of bounds read of a function pointer due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-9376
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.53%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 20:59
Updated-18 Dec, 2024 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroidpixel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9399
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.31%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 23:13
Updated-19 Dec, 2024 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In /proc/driver/wmt_dbg driver, there are several possible out of bounds writes. These could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroidpixel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9391
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.25%
||
7 Day CHG~0.00%
Published-05 Dec, 2024 | 22:25
Updated-19 Dec, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In update_gps_sv and output_vzw_debug of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/gpshal_wor ker.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9393
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.31%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 17:17
Updated-18 Dec, 2024 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In procfile_write of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_proc.c, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroidpixel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9404
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.31%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 23:32
Updated-19 Dec, 2024 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In oemCallback of ril.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroidpixel
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-9368
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.05%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 19:16
Updated-22 Nov, 2024 | 21:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In mtkscoaudio debugfs there is a possible arbitrary kernel memory write due to missing bounds check and weakened SELinux policies. This could lead to local escalation of privilege with system  execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9398
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.31%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 23:11
Updated-19 Dec, 2024 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In fm_set_stat of mediatek FM radio driver, there is a possible OOB write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroidpixel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9405
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.66%
||
7 Day CHG~0.00%
Published-17 Jan, 2025 | 23:17
Updated-10 Jul, 2025 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In BnDmAgent::onTransact of dm_agent.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9392
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.31%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 17:15
Updated-19 Dec, 2024 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In get_binary of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/data_coder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroidpixel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-21159
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 2.51%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-03 Dec, 2024 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-263783565References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20659
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.65%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 00:00
Updated-17 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588413.

Action-Not Available
Vendor-yoctoprojectGoogle LLCMediaTek Inc.Linux Kernel Organization, Inc
Product-androidmt8167smt8518mt7663mt8385mt7902mt8797mt8791tyoctomt6879mt6877mt8788linux_kernelmt6895mt8789mt8781mt6855mt8168mt8786mt8798mt6983mt8175mt8365mt6781mt8771mt8675mt8185mt5221mt8766mt7921mt8362amt6833mt8169mt8768mt7668mt6789mt8532MT5221, MT6781, MT6789, MT6833, MT6855, MT6877, MT6879, MT6895, MT6983, MT7663, MT7668, MT7902, MT7921, MT8167S, MT8168, MT8169, MT8175, MT8185, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8675, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20751
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.92%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 12:11
Updated-07 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In keymange, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07825502; Issue ID: ALPS07825502.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt8175mt8168mt8167sandroidmt8362amt8365mt8167mt8195MT8167, MT8167S, MT8168, MT8175, MT8195, MT8362A, MT8365
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-21209
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 5.71%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-03 Dec, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262236273

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-20830
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.49%
||
7 Day CHG~0.00%
Published-04 Sep, 2023 | 02:27
Updated-10 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014156.

Action-Not Available
Vendor-rdkcentralMediaTek Inc.Google LLCOpenWrtThe Linux Foundation
Product-mt6855mt6990mt6873mt6893mt2735mt6886mt6983mt8167mt6765mt6891mt6883mt6853topenwrtmt6835mt6880mt6769mt6761mt6875mt6889mt8362amt6768mt8781rdk-bmt6985mt6890mt8167smt6833mt6885yoctomt6762mt6877mt8365mt8195mt6853mt6980mt6895mt8168androidmt6779mt2713mt6879mt8173MT2713, MT2735, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8167, MT8167S, MT8168, MT8173, MT8195, MT8362A, MT8365, MT8781mt6855mt6990mt6873mt6893mt2735mt6886mt6983mt8167mt6765mt6891mt6883mt6853tmt6835mt6880mt6769mt6761mt6875mt6889mt8362amt6768mt8781mt6985mt6890mt8167smt6833mt6885mt6877mt6762mt8365mt8195mt6853mt6980mt6895mt8168androidmt6779mt2713mt6879mt8173
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 13
  • 14
  • Next
Details not found