The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT, Wi-Fi, TV and Audio chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.
The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).
The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).
Summary
| Severity | CVEs |
|---|---|
| High | CVE-2023-20819, CVE-2023-32819, CVE-2023-32820 |
| Medium | CVE-2023-32821, CVE-2023-32822, CVE-2023-32823, CVE-2023-32824, CVE-2023-32826, CVE-2023-32827, CVE-2023-32828, CVE-2023-32829, CVE-2023-32830 |
Details
| CVE | CVE-2023-20819 |
|---|---|
| Title | Out-of-bounds write in CDMA PPP protocol |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-787 Out-of-bounds Write |
| Description | In CDMA PPP protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privilege needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2731, MT6570, MT6580, MT6595, MT6732, MT6735, MT6737, MT6737M, MT6738, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6757, MT6758, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769T, MT6769Z, MT6771, MT6775, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6789, MT6795, MT6797, MT6799, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6983, MT6985, MT6989, MT8666, MT8666A, MT8667, MT8673, MT8675, MT8765, MT8766, MT8766Z, MT8768, MT8768A, MT8768B, MT8768T, MT8768Z, MT8781, MT8786, MT8788, MT8788T, MT8788X, MT8788Z, MT8791, MT8791T, MT8797, MT8798 |
| Affected Software Versions | Modem LR11, LR12A, LR13, NR15, NR16, NR17 |
| CVE | CVE-2023-32819 |
|---|---|
| Title | Exposure of sensitive information to an unauthorized actor in display |
| Severity | High |
| Vulnerability Type | ID |
| CWE | CWE-200 Exposure of Sensitive Information to an Unauthorized Actor |
| Description | In display, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6765, MT6768, MT6833, MT6879, MT6883, MT6885, MT6889, MT6893, MT6983, MT6985, MT8188, MT8195, MT8797, MT8798 |
| Affected Software Versions | Android 12.0, 13.0 |
| CVE | CVE-2023-32820 |
|---|---|
| Title | Denial of service in wlan firmware |
| Severity | High |
| Vulnerability Type | DoS |
| CWE | CWE-400 Denial of Service |
| Description | In wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT5221, MT6781, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT7663, MT7668, MT7902, MT7921, MT8168, MT8365, MT8518S, MT8532, MT8666, MT8673, MT8675, MT8695, MT8766, MT8768, MT8781, MT8786, MT8789, MT8791, MT8797, MT8798 |
| Affected Software Versions | Android 11.0, 12.0, 13.0 / Linux 4.19 / Yocto 3.1, 3.3 / IOT-v23.0 |
| CVE | CVE-2023-32821 |
|---|---|
| Title | Exposure of sensitive information to an unauthorized actor in video |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-200 Exposure of Sensitive Information to an Unauthorized Actor |
| Description | In video, there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6853, MT6873, MT6885 |
| Affected Software Versions | Android 12.0, 13.0 |
| CVE | CVE-2023-32822 |
|---|---|
| Title | Improper input validation in ftm |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In ftm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2713, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6833, MT6835, MT6855, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6985, MT8167, MT8167S, MT8168, MT8175, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8797, MT8798 |
| Affected Software Versions | Android 12.0, 13.0 |
| CVE | CVE-2023-32823 |
|---|---|
| Title | Integer overflow or wraparound in rpmb |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-190 Integer Overflow or Wraparound |
| Description | In rpmb , there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8666, MT8765, MT8788 |
| Affected Software Versions | Android 12.0, 13.0 |
| CVE | CVE-2023-32824 |
|---|---|
| Title | Double free in rpmb |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-415 Double Free |
| Description | In rpmb , there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8666, MT8765, MT8788 |
| Affected Software Versions | Android 12.0, 13.0 |
| CVE | CVE-2023-32826 |
|---|---|
| Title | Out-of-bounds write in camera middleware |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-787 Out-of-bounds Write |
| Description | In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6879, MT6886, MT6895, MT6983, MT6985, MT6989, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798 |
| Affected Software Versions | Android 12.0, 13.0 |
| CVE | CVE-2023-32827 |
|---|---|
| Title | Out-of-bounds write in camera middleware |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-787 Out-of-bounds Write |
| Description | In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6879, MT6886, MT6895, MT6983, MT6985, MT6989, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798 |
| Affected Software Versions | Android 12.0, 13.0 |
| CVE | CVE-2023-32828 |
|---|---|
| Title | Integer overflow or wraparound in vpu |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-190 Integer Overflow or Wraparound |
| Description | In vpu, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6771, MT6779, MT6785, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6891, MT6893, MT8183, MT8188, MT8195, MT8390, MT8395 |
| Affected Software Versions | Android 12.0 / IOT-v23.0 |
| CVE | CVE-2023-32829 |
|---|---|
| Title | Out-of-bounds write in apusys |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-787 Out-of-bounds Write |
| Description | In apusys, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6879, MT6886, MT6891, MT6895, MT6896, MT6983, MT6985, MT8137, MT8139, MT8188, MT8195, MT8195Z, MT8390, MT8395 |
| Affected Software Versions | Android 12.0, 13.0 / Yocto 3.1, 3.3, 4.0 / IOT-v23.0 |
| CVE | CVE-2023-32830 |
|---|---|
| Title | Out-of-bounds write in TVAPI |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-787 Out-of-bounds Write |
| Description | In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT5527, MT5583, MT5598, MT5599, MT5670, MT5680, MT5691, MT5695, MT5806, MT5813, MT5815, MT5816, MT5833, MT5835, MT5895, MT9010, MT9011, MT9012, MT9016, MT9020, MT9021, MT9022, MT9215, MT9216, MT9221, MT9222, MT9255, MT9256, MT9266, MT9269, MT9285, MT9286, MT9600, MT9602, MT9610, MT9612, MT9613, MT9615, MT9617, MT9629, MT9630, MT9631, MT9632, MT9633, MT9636, MT9638, MT9639, MT9649, MT9650, MT9652, MT9653, MT9660, MT9666, MT9667, MT9669, MT9670, MT9671, MT9675, MT9679, MT9685, MT9686, MT9688, MT9900, MT9901, MT9931, MT9950, MT9969, MT9970, MT9980, MT9981 |
| Affected Software Versions | Android 10.0, 11.0 |
Vulnerability Type Definition
| Abbreviation | Definition |
|---|---|
| RCE | Remote Code Execution |
| EoP | Elevation of Privilege |
| ID | Information Disclosure |
| DoS | Denial of Service |
| N/A | Classification not available |
Versions
| Version | Date | Description |
| 1.0 | October 2, 2023 | Bulletin published. |
Notes
Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.
If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.
If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.