Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-20133

Summary
Assigner-MediaTek
Assigner Org ID-ee979b05-11f8-4f25-a7e0-a1fa9c190374
Published At-02 Dec, 2024 | 03:07
Updated At-03 Dec, 2024 | 04:55
Rejected At-
Credits

In Modem, there is a possible escalation of privilege due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01395886; Issue ID: MSV-1871.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:MediaTek
Assigner Org ID:ee979b05-11f8-4f25-a7e0-a1fa9c190374
Published At:02 Dec, 2024 | 03:07
Updated At:03 Dec, 2024 | 04:55
Rejected At:
▼CVE Numbering Authority (CNA)

In Modem, there is a possible escalation of privilege due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01395886; Issue ID: MSV-1871.

Affected Products
Vendor
MediaTek Inc.MediaTek, Inc.
Product
MT6879, MT6886, MT6895, MT6895T, MT6896, MT6980, MT6983, MT8673, MT8676, MT8795T, MT8798
Versions
Affected
  • Modem NR16
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787 Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787 Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://corp.mediatek.com/product-security-bulletin/December-2024
N/A
Hyperlink: https://corp.mediatek.com/product-security-bulletin/December-2024
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
MediaTek Inc.mediatek
Product
mt6879
CPEs
  • cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
MediaTek Inc.mediatek
Product
mt6886
CPEs
  • cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
MediaTek Inc.mediatek
Product
mt6895
CPEs
  • cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
MediaTek Inc.mediatek
Product
mt6895t
CPEs
  • cpe:2.3:h:mediatek:mt6895t:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
MediaTek Inc.mediatek
Product
mt6896
CPEs
  • cpe:2.3:h:mediatek:mt6896:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
MediaTek Inc.mediatek
Product
mt6980
CPEs
  • cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
MediaTek Inc.mediatek
Product
mt6983
CPEs
  • cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
MediaTek Inc.mediatek
Product
mt8673
CPEs
  • cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
MediaTek Inc.mediatek
Product
mt8676
CPEs
  • cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
MediaTek Inc.mediatek
Product
mt8795t
CPEs
  • cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
MediaTek Inc.mediatek
Product
mt8798
CPEs
  • cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Metrics
VersionBase scoreBase severityVector
3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@mediatek.com
Published At:02 Dec, 2024 | 04:15
Updated At:22 Apr, 2025 | 13:56

In Modem, there is a possible escalation of privilege due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01395886; Issue ID: MSV-1871.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
MediaTek Inc.
mediatek
>>nr16>>-
cpe:2.3:o:mediatek:nr16:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6879>>-
cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6886>>-
cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6895>>-
cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6895t>>-
cpe:2.3:h:mediatek:mt6895t:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6896>>-
cpe:2.3:h:mediatek:mt6896:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6980>>-
cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6983>>-
cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt8673>>-
cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt8676>>-
cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt8795t>>-
cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt8798>>-
cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Secondarysecurity@mediatek.com
CWE-787Primarynvd@nist.gov
CWE ID: CWE-787
Type: Secondary
Source: security@mediatek.com
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://corp.mediatek.com/product-security-bulletin/December-2024security@mediatek.com
Vendor Advisory
Hyperlink: https://corp.mediatek.com/product-security-bulletin/December-2024
Source: security@mediatek.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

938Records found
CVE-2024-20032
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.00% / 0.14%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 02:43
Updated-22 Apr, 2025 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In aee, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08487630; Issue ID: MSV-1020.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt6989mt6885mt8791mt6889mt6768mt6855mt8789mt6886mt8321mt8792mt6873mt8796mt8768mt6833mt8781mt6739mt6761mt6789mt6985mt8766mt6580mt6785mt6877mt8765mt6781mt6779mt6893mt6765mt6835mt8673mt6853androidmt6983mt6879mt6883mt6895MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT6989, MT8321, MT8673, MT8765, MT8766, MT8768, MT8781, MT8789, MT8791, MT8792, MT8796mt6855mt6873mt6893mt8765mt6580mt6886mt6983mt6765mt6883mt6835mt6739mt8768mt8789mt6761mt8792mt6889mt8321mt6768mt8781mt8766mt6985mt6833mt6885mt8673mt6989mt6877mt6781mt6853mt6895mt6789mt8791mt6779mt8796mt6785mt6879
CWE ID-CWE-862
Missing Authorization
CVE-2024-20037
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 11.27%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 02:43
Updated-22 Apr, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In pq, there is a possible write-what-where condition due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495937; Issue ID: ALPS08495937.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt8195mt6989mt8675mt6885mt6889mt6768mt8168mt6855mt6785mt6877mt6886mt6873mt6781mt6897mt6779mt6833mt8188mt6893mt6765mt6835mt8673mt6739mt6761mt6853androidmt6983mt6879mt6789mt6883mt6895mt6985MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6983, MT6985, MT6989, MT8168, MT8188, MT8195, MT8673, MT8675mt6855mt6985mt6873mt6893mt8675mt8188mt6833mt6886mt6885mt8673mt6983mt6989mt6877mt6781mt6765mt8195mt6853mt6883mt6895mt8168mt6789mt6835mt6739androidmt6761mt6889mt6768mt6779mt6897mt6785mt6879
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2024-20012
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.39%
||
7 Day CHG~0.00%
Published-05 Feb, 2024 | 05:59
Updated-09 May, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358566; Issue ID: ALPS08358566.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6835mt6889mt8788mt6757cdmt6785mt8765mt6886mt6983mt8791tmt6985mt6781mt6877mt6883mt6737mt6763mt6885androidmt8797mt6768mt6855mt8798mt6761mt6853mt6771mt6895mt6891mt6762mt6853tmt6873mt8321mt6753mt6735mt8768mt8789mt6757cmt6875mt8781mt8385mt6757chmt6765mt6580mt6731mt6769mt6879mt8786mt6833mt8766mt6757mt6739mt6789mt6779MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6895, MT6983, MT6985, MT8321, MT8385, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-20022
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.84%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 02:43
Updated-13 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In lk, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528255; Issue ID: ALPS08528255.

Action-Not Available
Vendor-rdkcentralMediaTek Inc.Google LLCOpenWrtThe Linux Foundation
Product-mt6886yoctomt6835mt8673mt8667mt6789androidmt8789mt2737mt8781mt8321mt8798mt8765mt6983mt6855mt8796mt6895mt6880mt8788mt8768mt8385mt6989mt8791mt8797mt8786openwrtmt6990rdkbmt6890mt8766mt8666mt6985mt6980mt6879MT2737, MT6789, MT6835, MT6855, MT6879, MT6880, MT6886, MT6890, MT6895, MT6980, MT6983, MT6985, MT6989, MT6990, MT8321, MT8385, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8796, MT8797, MT8798mt6895mt6886mt6879mt6880mt8788mt8768mt6835mt8385mt6989mt8791mt8673mt8797mt8667mt6789mt8786mt6990mt8789mt6890mt2737mt8781mt8766mt8666mt8321mt6985mt8798mt8765mt6980mt6983mt6855mt8796
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-20010
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.68%
||
7 Day CHG~0.00%
Published-05 Feb, 2024 | 05:59
Updated-17 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358560; Issue ID: ALPS08358560.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt6765mt6983mt6753mt8667mt6779mt6877mt6893mt8768mt6771mt8765mt6757mt6853mt6879mt6757cmt8321mt6785mt8781mt8797mt6768mt8791mt6833mt8789mt6757chmt6739mt6762mt6835mt8675mt6855mt6895mt6769mt6873mt8791tmt6985mt8185mt6737mt6763mt6883mt6875mt8786mt6853tmt8798mt8766mt8385androidmt6757cdmt6735mt6781mt6885mt6886mt6580mt6891mt6889mt8666mt8673mt6731mt6761mt8788mt6789MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-20056
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.16%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 02:51
Updated-30 Apr, 2025 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID: ALPS08528185.

Action-Not Available
Vendor-rdkcentralMediaTek Inc.Google LLCOpenWrt
Product-mt6880mt6855mt6886mt8678mt6761mt6890mt6989mt6895mt6789mt6873mt6897androidmt6985mt6853mt6739openwrtmt6768mt8673mt6835mt6885mt6893mt6765mt6833mt8666mt6983mt8676mt8667mt6785mt6781rdk-bMT6739, MT6761, MT6765, MT6768, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6880, MT6885, MT6886, MT6890, MT6893, MT6895, MT6897, MT6983, MT6985, MT6989, MT8666, MT8667, MT8673, MT8676, MT8678mt6895mt6886mt6785mt6765mt8676mt6739mt6880mt6835mt6989mt8673mt8667mt6893mt6789mt6873mt6761mt6890mt6781mt8666mt6833mt6985mt6768mt6885mt6983mt6855mt6897mt6853
CWE ID-CWE-20
Improper Input Validation
CVE-2024-20021
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.71%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 02:52
Updated-30 Apr, 2025 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID: MSV-1249.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6877mt8678mt8195mt8385mt8788tandroidmt8765mt8788mt8666bmt8788xmt8768zmt8168mt6768mt8768amt8786mt8781mt8798mt6893mt6833mt8788zmt8667mt8768tmt6781mt8666amt8362amt8183mt8768bmt6873mt8792mt8188mt6853mt8795tmt8321mt8675mt8673mt8796mt6885mt8188tmt8666mt8195zmt8365mt8676mt6785mt8766mt8766zmt8768MT6768, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8168, MT8183, MT8188, MT8188T, MT8195, MT8195Z, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8666A, MT8666B, MT8667, MT8673, MT8675, MT8675, MT8676, MT8678, MT8765, MT8766, MT8766Z, MT8768, MT8768A, MT8768B, MT8768T, MT8768Z, MT8781, MT8781, MT8786, MT8788, MT8788T, MT8788, MT8788X, MT8788Z, MT8792, MT8795T, MT8796, MT8798mt6873mt6893mt8675mt8765mt8768amt8788mt8188tmt8666mt8788xmt8183mt8768tmt8666amt8768mt8792mt8362amt8766zmt8768zmt8788zmt8795tmt6768mt8321mt8781mt8766mt8786mt8768bmt8188mt6833mt6885mt8673mt6877mt6781mt8365mt8788tmt8195mt6853mt8667mt8168mt8798mt8796mt6785mt8195z
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-20414
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.00% / 0.08%
||
7 Day CHG-0.00%
Published-02 Feb, 2026 | 08:15
Updated-03 Feb, 2026 | 21:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In imgsys, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362999; Issue ID: MSV-5625.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-androidmt8766mt8678mt8786mt8768mt6989mt8196mt8796mt6897MT6897, MT6989, MT8196, MT8678, MT8766, MT8768, MT8786, MT8796
CWE ID-CWE-416
Use After Free
CVE-2025-20660
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.12%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 03:14
Updated-18 Apr, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04436357; Issue ID: MSV-3186.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt9972androidMT9972
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-20773
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.37%
||
7 Day CHG~0.00%
Published-02 Dec, 2025 | 02:34
Updated-12 Jan, 2026 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4797.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt6833mt6886mt6765androidmt6879mt6989mt6991mt6893mt6895mt6835mt6897mt6985mt6899mt8678mt8196mt6877mt6983mt8792mt8793mt6878mt6768mt6789mt6739mt8676mt6761mt6855mt2718mt6853mt6889mt6883mt6885mt6781MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8196, MT8676, MT8678, MT8792, MT8793
CWE ID-CWE-416
Use After Free
CVE-2025-20786
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.32%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 01:47
Updated-12 Jan, 2026 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4673.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt6833mt6886mt6765mt8795tandroidmt6879mt6989mt6991mt6893mt6895mt6835mt6897mt6985mt6899mt8678mt8196mt6877mt8768mt6983mt8792mt8793mt8667mt6878mt6768mt8796mt8798mt6789mt6739mt8676mt8771mt6761mt6855mt8766mt6853mt6889mt8186mt8188mt6883mt8765mt8791tmt8873mt6885mt8673mt8883mt6781mt8781MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8186, MT8188, MT8196, MT8667, MT8673, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8791T, MT8792, MT8793, MT8795T, MT8796, MT8798, MT8873, MT8883
CWE ID-CWE-416
Use After Free
CVE-2025-20775
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.37%
||
7 Day CHG~0.00%
Published-02 Dec, 2025 | 02:34
Updated-12 Jan, 2026 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4795.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt6833mt6886mt6765mt8795tandroidmt6879mt6989mt6991mt6893mt6895mt6835mt6897mt6985mt6899mt8678mt8196mt6877mt8768mt6983mt8792mt8793mt8667mt6878mt6768mt8796mt8798mt6789mt6739mt8676mt8771mt6761mt6855mt8766mt6853mt6889mt8186mt8188mt6883mt8765mt8791tmt8873mt6885mt8673mt8883mt6781mt8781MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8186, MT8188, MT8196, MT8667, MT8673, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8791T, MT8792, MT8793, MT8795T, MT8796, MT8798, MT8873, MT8883
CWE ID-CWE-416
Use After Free
CVE-2023-32818
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 6.20%
||
7 Day CHG~0.00%
Published-06 Nov, 2023 | 03:50
Updated-05 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896 & ALPS08013430; Issue ID: ALPS07867715.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6873mt6771androidmt6885mt6761mt6768mt6779mt6785mt6765mt6763mt6853MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6853, MT6873, MT6885mt6873mt6771mt6885mt6761mt6768mt6779mt6785mt6765mt6763mt6853
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2023-32860
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 11.62%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 03:46
Updated-02 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible classic buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929788; Issue ID: ALPS07929788.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6985mt6873mt6893mt6833mt6886mt6885mt6983mt6877mt6781mt6765mt6853mt6883mt6895mt6789mt6835androidmt6761mt6889mt6768mt6779mt6785mt6879MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-32859
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 10.97%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 03:46
Updated-17 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In meta, there is a possible classic buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08000473; Issue ID: ALPS08000473.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt8175mt6873mt6893mt8675mt6886mt8395mt8788mt6983mt8188tmt8666mt8167mt6765mt6883mt8390mt6835mt8768mt8789mt6761mt8797mt6889mt8321mt6768mt8362amt8786mt8766mt6985mt8167smt8188mt6833mt6885mt6877mt6781mt8365mt8195mt6853mt6895mt8168mt6789androidmt8185mt6779mt6785mt6879mt8173MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8188T, MT8195, MT8321, MT8362A, MT8365, MT8390, MT8395, MT8666, MT8675, MT8766, MT8768, MT8786, MT8788, MT8789, MT8797mt8797
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-32862
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 10.22%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 03:46
Updated-02 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388762; Issue ID: ALPS07388762.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6985mt6873mt6893mt8188mt6833mt6886mt6885mt6983mt6877mt6781mt6765mt8195mt6853mt6883mt6895mt8168mt6789mt6835androidmt6761mt6889mt6768mt6779mt6785mt8781mt6879MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8168, MT8188, MT8195, MT8781
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-32855
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.01%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 03:45
Updated-02 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In aee, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07909204; Issue ID: ALPS07909204.

Action-Not Available
Vendor-rdkcentralMediaTek Inc.Google LLCOpenWrtThe Linux Foundation
Product-mt6855mt6990mt6873mt6893mt8765mt2735mt8791tmt8791wifimt6983mt6765mt6853topenwrtmt6835mt6880mt8768mt6769mt6875mt6889mt6768mt2737mt8786rdk-bmt6985mt6890mt6833mt6885yoctomt6877mt6853mt8667mt6980mt6895mt8798androidmt8791mt6879MT2735, MT2737, MT6765, MT6768, MT6769, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6885, MT6889, MT6890, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8667, MT8765, MT8768, MT8786, MT8791, MT8791T, MT8791WIFI, MT8798
CWE ID-CWE-862
Missing Authorization
CVE-2023-32824
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.18%
||
7 Day CHG~0.00%
Published-02 Oct, 2023 | 02:05
Updated-28 Sep, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In rpmb , there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07912966; Issue ID: ALPS07912961.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6985mt6873mt6893mt8765mt6833mt6580mt6885mt8788mt6983mt8666mt6877mt6762mt6781mt6765mt6891mt6883mt6853mt6895mt6853tmt6789mt6739androidmt6769mt6761mt6875mt6889mt6768mt6779mt6785mt6879MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8666, MT8765, MT8788mt6855mt6985mt6873mt6893mt8765mt6833mt6580mt6885mt8788mt6983mt8666mt6877mt6762mt6781mt6765mt6891mt6883mt6853mt6895mt6853tmt6789mt6739androidmt6769mt6761mt6875mt6889mt6768mt6779mt6785mt6879
CWE ID-CWE-415
Double Free
CVE-2023-32828
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 9.20%
||
7 Day CHG~0.00%
Published-02 Oct, 2023 | 02:05
Updated-21 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In vpu, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767817; Issue ID: ALPS07767817.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6873mt6893mt6771mt8188mt6885mt8395mt6877mt8183mt8195mt6891mt6853mt6853tmt8390androidiot_yoctomt6779mt6785MT6771, MT6779, MT6785, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6891, MT6893, MT8183, MT8188, MT8195, MT8390, MT8395mt6853tmt6873mt6893mt6771mt6891mt8188mt8390mt6885mt8395mt6877mt6779mt6785mt8183mt8195mt6853
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-32863
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.83%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 03:46
Updated-29 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display drm, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326314; Issue ID: ALPS07326314.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt8781mt6855mt6873mt6781mt6779mt6765mt6893mt6833mt6761mt6985mt6885mt6785mt6835mt6768mt6879mt6789mt6886mt6895mt6853mt6889mt6983mt6877mt6883androidMT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8781
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-32884
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 5.18%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 02:49
Updated-03 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In netdagent, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944011; Issue ID: ALPS07944011.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6873mt6985mt8175mt8795tmt8765mt2713mt8321mt8696mt6765mt6580mt8362amt8167smt6785mt8667mt6855mt6893mt8797mt6889mt8791mt6853mt6768mt8798mt6739mt6879mt8192mt6779mt8673mt8766mt6983mt8768mt8791tmt6781mt8195zmt6877mt8195mt8788mt8789mt6886mt8168mt8167mt8666mt8385mt6835mt8781mt8786mt6789mt8365androidmt8871mt8173mt8188mt8775mt8395mt6883mt8771mt6761mt6833mt8755mt6895mt6885MT2713, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8188, MT8192, MT8195, MT8195Z, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8696, MT8755, MT8765, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8871
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-32829
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 6.12%
||
7 Day CHG~0.00%
Published-02 Oct, 2023 | 02:05
Updated-21 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In apusys, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07713478; Issue ID: ALPS07713478.

Action-Not Available
Vendor-Google LLCMediaTek Inc.The Linux Foundation
Product-mt6896mt8137mt6879mt6985mt8188mt6886mt8395mt6983yoctomt8195mt6891mt6895mt8390androidiot_yoctomt8139mt8195zMT6879, MT6886, MT6891, MT6895, MT6896, MT6983, MT6985, MT8137, MT8139, MT8188, MT8195, MT8195Z, MT8390, MT8395mt6896mt8137mt6895mt6985mt8390mt8188androidmt6886mt8395mt6983mt8139mt8195mt8195zmt6879mt6891
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-32861
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 13.38%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 03:46
Updated-02 Dec, 2024 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08059081; Issue ID: ALPS08059081.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6985mt6873mt6893mt8188mt6833mt6886mt6885mt8673mt6983mt6877mt6781mt8167mt6765mt8195mt6853mt6883mt6895mt8168mt6789mt6835androidmt6761mt6889mt6768mt6779mt6785mt6879MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8167, MT8168, MT8188, MT8195, MT8673
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-32885
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 5.18%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 02:49
Updated-17 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display drm, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780685; Issue ID: ALPS07780685.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt6765mt6983mt8188mt6779mt6877mt6893mt8768mt6853mt6879mt6785mt8195mt8781mt6768mt6833mt8789mt6835mt6855mt6895mt6873mt8791tmt6985mt6883mt8798mt8766androidmt6781mt6885mt6886mt6889mt8168mt6761mt6789MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8168, MT8188, MT8195, MT8766, MT8768, MT8781, MT8789, MT8791T, MT8798
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-32834
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.74%
||
7 Day CHG~0.00%
Published-06 Nov, 2023 | 03:50
Updated-29 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In secmem, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161762; Issue ID: ALPS08161762.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6739mt8786mt6753mt6855mt8789mt6785mt6580mt6853tmt8781mt6883mt6735mt6985mt8185mt6781mt8797mt6737mt8768mt8667androidmt6885mt6877mt8385mt6771mt6895mt8765mt6886mt8666mt8766mt6893mt6765mt6853mt6768mt6833mt6789mt8673mt8791tmt8798mt6761mt8321mt6983mt6889mt8675mt8791mt6873mt6779mt6879mt6835mt8788MT6580, MT6735, MT6737, MT6739, MT6753, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2023-32835
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.16%
||
7 Day CHG~0.00%
Published-06 Nov, 2023 | 03:50
Updated-24 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In keyinstall, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08157918; Issue ID: ALPS08157918.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6781mt6875mt6753mt6855androidmt6879mt6789mt8788mt8789mt6886mt8791tmt6765mt8673mt6853tmt6761mt8385mt6891mt8666mt8667mt8791mt8798mt6769mt8781mt8675mt6757mt6779mt6731mt6762mt8768mt6735mt6785mt6889mt8797mt6739mt6737mt6757cmt6757cdmt8765mt6873mt6883mt6877mt6985mt6757chmt6853mt8185mt6833mt6893mt8786mt6768mt6763mt6771mt6885mt8321mt6983mt8766mt6835mt6895mt6580MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2023-32870
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 13.38%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 03:46
Updated-02 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display drm, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363740; Issue ID: ALPS07363740.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6985mt6873mt6893mt8188mt6833mt6886mt6885mt8673mt6983mt6877mt6781mt8183mt6765mt8195mt6853mt6883mt6895mt8168mt6789mt6835androidmt6761mt6889mt6768mt6779mt6785mt8781mt6879MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8168, MT8183, MT8188, MT8195, MT8673, MT8781
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-32823
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.03%
||
7 Day CHG~0.00%
Published-02 Oct, 2023 | 02:05
Updated-23 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In rpmb , there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07912966; Issue ID: ALPS07912966.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6985mt6873mt6893mt8765mt6833mt6580mt6885mt8788mt6983mt8666mt6877mt6762mt6781mt6765mt6891mt6883mt6853mt6895mt6853tmt6789mt6739androidmt6769mt6761mt6875mt6889mt6768mt6779mt6785mt6879MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8666, MT8765, MT8788mt6855mt6985mt6873mt6893mt8765mt6833mt6580mt6885mt8788mt6983mt8666mt6877mt6762mt6781mt6765mt6891mt6883mt6853mt6895mt6853tmt6789mt6739mt6769mt6761mt6875mt6889mt6768mt6779mt6785mt6879
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-21774
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 2.44%
||
7 Day CHG~0.00%
Published-06 Jul, 2022 | 13:07
Updated-03 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TEEI driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641447; Issue ID: ALPS06641447.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6893mt6771mt6833mt6885mt6983mt6877mt6781mt6765mt6853mt6895androidmt6875mt6761mt6768mt6779mt6785mt6879MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6875, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2022-21786
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.54%
||
7 Day CHG~0.00%
Published-06 Jul, 2022 | 13:08
Updated-03 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In audio DSP, there is a possible memory corruption due to improper casting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558822; Issue ID: ALPS06558822.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6895mt6873mt6893mt8798androidmt6833mt6885mt8797mt6983mt8791mt6877mt6879mt6853MT6833, MT6853, MT6873, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983, MT8791, MT8797, MT8798
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2022-20062
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 2.91%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05836418; Issue ID: ALPS05836418.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt8175mt6873mt6893mt8675mt8765mt8788mt8666mt8183mt8167mt6765mt6891mt8735amt6853tmt8768mt8789mt8797mt8321mt8362amt8786mt8766mt8167smt8385mt6833mt6885mt6877mt8365mt6853mt8667mt8168androidmt8185mt8791mt8163mt6785mt8735bmt6879mt8173MT6765, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6879, MT6885, MT6891, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
CWE ID-CWE-416
Use After Free
CVE-2023-20641
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.63%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 00:00
Updated-06 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629574; Issue ID: ALPS07629574.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt8791androidmt6983mt6879mt8791tmt6895mt8797MT6879, MT6895, MT6983, MT8791, MT8791T, MT8797
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20708
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 2.90%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 00:00
Updated-24 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07581655; Issue ID: ALPS07581655.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6895mt6983mt6757cdmt6769androidmt6877mt8768mt8791tmt6768mt6763mt6739mt6785mt8185mt8766mt6891mt6789mt8797mt8667mt6757cmt6885mt6779mt6757mt8781mt6781mt6853tmt6855mt8789mt6889mt6893mt6833mt6762mt6765mt6735mt8666mt8791mt8385mt6879mt6731mt6757chmt8321mt8786mt6873mt6753mt6853mt8788mt6883mt6737mt6771mt8765mt6875mt6761mt6580MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20661
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.41%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 00:00
Updated-17 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560782; Issue ID: ALPS07560782.

Action-Not Available
Vendor-yoctoprojectGoogle LLCMediaTek Inc.Linux Kernel Organization, Inc
Product-androidmt8786mt8798mt6983mt8167smt8518mt8175mt8385mt8365mt7902mt8797mt8771mt5221mt8791tmt8766mt8795tmt7921yoctomt6879mt8362amt8788linux_kernelmt8768mt6895mt8789mt8781mt8532mt8168mt8696MT5221, MT6879, MT6895, MT6983, MT7902, MT7921, MT8167S, MT8168, MT8175, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8696, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-20733
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.67%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 12:11
Updated-08 Jan, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In vcu, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645149.

Action-Not Available
Vendor-Google LLCMediaTek Inc.The Linux Foundation
Product-mt6873mt6893mt6833mt8395mt6885yoctomt6877mt6781mt8365mt6891mt6883mt6853iot-yoctomt6853tmt8168mt6789androidmt6769mt6875mt6889mt6768mt6779mt6785MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8365, MT8395
CWE ID-CWE-667
Improper Locking
CVE-2023-20637
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.99%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 00:00
Updated-06 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628588; Issue ID: ALPS07628588.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt8768androidmt8781mt6983mt6879mt8765mt8786mt8791tmt6895mt8797mt8766mt8788mt8321mt8789MT6879, MT6895, MT6983, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20621
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 2.65%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 00:00
Updated-06 Mar, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In tinysys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664755; Issue ID: ALPS07664755.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6895mt6893mt6789mt6771androidmt6739mt6885mt6761mt6983mt6762mt6765mt6879mt6883MT6739, MT6761, MT6762, MT6765, MT6771, MT6789, MT6879, MT6883, MT6885, MT6893, MT6895, MT6983
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20662
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.41%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 00:00
Updated-17 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560765; Issue ID: ALPS07560765.

Action-Not Available
Vendor-yoctoprojectGoogle LLCMediaTek Inc.Linux Kernel Organization, Inc
Product-androidmt8786mt8798mt6983mt8167smt8518mt8175mt8385mt8365mt7902mt8797mt8771mt5221mt8791tmt8766mt8795tmt7921yoctomt6879mt8362amt8788linux_kernelmt8768mt6895mt8789mt8781mt8532mt8168mt8696MT5221, MT6879, MT6895, MT6983, MT7902, MT7921, MT8167S, MT8168, MT8175, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8696, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-20650
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.99%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 00:00
Updated-05 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In apu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629577; Issue ID: ALPS07629577.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6853mt6889mt6875mt6873mt6853tmt6877mt6885mt6983mt6895mt6891mt6879mt6883androidmt6893MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20628
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.59%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 00:00
Updated-05 Mar, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In thermal, there is a possible memory corruption due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494460; Issue ID: ALPS07494460.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6580mt6781mt6739mt6885mt6855mt6983mt8362amt8168mt6771mt8797mt8765mt6833mt6789mt8321mt8789mt8786mt6873mt8175androidmt6779mt6891mt8365mt6762mt8791tmt8766mt8167mt6889mt8167smt6895mt6761mt6768mt6883mt6765mt6893mt8385mt6769mt8781mt6785mt6879mt6853mt8788mt8768MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8167, MT8167S, MT8168, MT8175, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
CWE ID-CWE-248
Uncaught Exception
CVE-2023-20707
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 5.58%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 00:00
Updated-24 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628556; Issue ID: ALPS07628556.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6895mt6757cdmt6769androidmt6877mt8768mt8791tmt6768mt6763mt6739mt6785mt8766mt6891mt6789mt6757cmt6885mt6779mt6757mt8781mt6781mt6853tmt6855mt8789mt6889mt6893mt6833mt6762mt6765mt6735mt6879mt6757chmt8321mt8786mt6873mt6753mt6853mt8788mt6883mt6737mt6771mt8765mt6875mt6761MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20642
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.99%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 00:00
Updated-06 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628586; Issue ID: ALPS07628586.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt8768androidmt8781mt6983mt6879mt8765mt8786mt8791tmt6895mt8797mt8766mt8788mt8321mt8789MT6879, MT6895, MT6983, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20737
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.67%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 12:11
Updated-07 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In vcu, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645167.

Action-Not Available
Vendor-Google LLCMediaTek Inc.The Linux Foundation
Product-mt6873mt6893mt6833mt8395mt6885yoctomt6877mt6781mt8365mt6891mt6883mt6853iot-yoctomt6853tmt8168mt6789androidmt6769mt6875mt6889mt6768mt6779mt6785MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8365, MT8395
CWE ID-CWE-667
Improper Locking
CVE-2023-20633
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 2.65%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 00:00
Updated-06 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628508; Issue ID: ALPS07628508.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6853mt6893androidmt6768mt6781mt6855mt6983mt6833mt6873mt6739mt8666mt8167mt6765mt8168mt6885mt6779mt6580mt6735mt6763mt6789mt8675mt6895mt6771mt6761mt6785MT6580, MT6735, MT6739, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6885, MT6893, MT6895, MT6983, MT8167, MT8168, MT8666, MT8675
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2023-20640
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.99%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 00:00
Updated-06 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629573; Issue ID: ALPS07629573.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt8791androidmt6983mt6879mt8791tmt6895mt8797MT6879, MT6895, MT6983, MT8791, MT8791T, MT8797
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20745
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 6.04%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 12:11
Updated-07 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07560694.

Action-Not Available
Vendor-Google LLCMediaTek Inc.The Linux Foundation
Product-mt6855iot-yoctomt8786mt6789androidmt8789mt8395mt8797mt8185mt8791yoctomt8365mt8781mt8195MT6789, MT6855, MT8185, MT8195, MT8365, MT8395, MT8781, MT8786, MT8789, MT8791, MT8797
CWE ID-CWE-667
Improper Locking
CVE-2023-20638
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.99%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 00:00
Updated-06 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628537; Issue ID: ALPS07628537.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-androidmt6855mt6853tmt8781mt6833mt6739mt6779mt6885mt6763mt6789mt6875mt6769mt6895mt6761mt8789mt6785mt6853mt6893mt6753mt8768mt6768mt6781mt6889mt6983mt8786mt6873mt6765mt6762mt8766mt8788mt6883mt8797mt6877mt6879mt8765mt8791tmt6771mt8321MT6739, MT6753, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20772
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.67%
||
7 Day CHG~0.00%
Published-04 Jul, 2023 | 01:44
Updated-04 Dec, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In vow, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441796; Issue ID: ALPS07441796.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6873mt6893mt6580mt6886mt8791tmt6983mt6765mt6737mt6883mt6853tmt6835mt6739mt6761mt8797mt6889mt6768mt8781mt6985mt6771mt6833mt6885mt6735mt6753mt6877mt6781mt6853mt6895mt6789androidmt8791mt6779mt6785mt6879MT6580, MT6735, MT6737, MT6739, MT6753, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8781, MT8791, MT8791T, MT8797
CWE ID-CWE-862
Missing Authorization
CVE-2023-20746
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 6.04%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 12:11
Updated-07 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519217.

Action-Not Available
Vendor-Google LLCMediaTek Inc.The Linux Foundation
Product-mt6855mt8765mt8395mt8788mt8791tyoctomt8365mt8167mt8195iot-yoctomt8168mt6789mt8768mt8789mt8781androidmt8797mt8185mt8321mt8791mt8786mt8766mt8173MT6789, MT6855, MT8167, MT8168, MT8173, MT8185, MT8195, MT8321, MT8365, MT8395, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
CWE ID-CWE-667
Improper Locking
CVE-2023-20664
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.62%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 00:00
Updated-13 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In gz, there is a possible double free due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07505952; Issue ID: ALPS07505952.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt8788mt6853mt8871mt6895mt6983mt8185mt8786mt6889mt6873mt6737mt8766mt8765mt6833mt6739mt8891mt6765mt8385mt6883mt6753mt6789mt8771mt6785mt6735mt6877mt6855mt8781mt6771mt6580mt8168mt6853tmt8795tmt8188mt8321mt8789mt6779mt6885mt8666mt6768mt6781mt6879mt6893mt8362amt8768mt8675mt8791mt8791tandroidmt8797mt8696mt8798mt6761mt8673mt8365MT6580, MT6735, MT6737, MT6739, MT6753, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8168, MT8185, MT8188, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8673, MT8675, MT8696, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8871, MT8891
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • ...
  • 18
  • 19
  • Next
Details not found