CVE-2023-32830 - Vulnerability Details

In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03802522; Issue ID: DTV03802522.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Google	Android
Mediatek	Mt5527 Mt5583 Mt5598 Mt5599 Mt5670 Mt5680 Mt5691 Mt5695 Mt5806 Mt5813 Mt5815 Mt5816 Mt5833 Mt5835 Mt5895 Mt9010 Mt9011 Mt9012 Mt9016 Mt9020 Mt9021 Mt9022 Mt9215 Mt9216 Mt9221 Mt9222 Mt9255 Mt9256 Mt9266 Mt9269 Mt9285 Mt9286 Mt9600 Mt9602 Mt9610 Mt9612 Mt9613 Mt9615 Mt9617 Mt9629 Mt9630 Mt9631 Mt9632 Mt9633 Mt9636 Mt9638 Mt9639 Mt9649 Mt9650 Mt9652 Mt9653 Mt9660 Mt9666 Mt9667 Mt9669 Mt9670 Mt9671 Mt9675 Mt9679 Mt9685 Mt9686 Mt9688 Mt9900 Mt9901 Mt9931 Mt9950 Mt9969 Mt9970 Mt9980 Mt9981

Configuration 1 [-]

AND

OR	cpe:2.3:o:google:android:10.0:::::::*
	cpe:2.3:o:google:android:11.0:::::::*

OR	cpe:2.3:h:mediatek:mt5527:-:::::::*
	cpe:2.3:h:mediatek:mt5583:-:::::::*
	cpe:2.3:h:mediatek:mt5598:-:::::::*
	cpe:2.3:h:mediatek:mt5599:-:::::::*
	cpe:2.3:h:mediatek:mt5670:-:::::::*
	cpe:2.3:h:mediatek:mt5680:-:::::::*
	cpe:2.3:h:mediatek:mt5691:-:::::::*
	cpe:2.3:h:mediatek:mt5695:-:::::::*
	cpe:2.3:h:mediatek:mt5806:-:::::::*
	cpe:2.3:h:mediatek:mt5813:-:::::::*
	cpe:2.3:h:mediatek:mt5815:-:::::::*
	cpe:2.3:h:mediatek:mt5816:-:::::::*
	cpe:2.3:h:mediatek:mt5833:-:::::::*
	cpe:2.3:h:mediatek:mt5835:-:::::::*
	cpe:2.3:h:mediatek:mt5895:-:::::::*
	cpe:2.3:h:mediatek:mt9010:-:::::::*
	cpe:2.3:h:mediatek:mt9011:-:::::::*
	cpe:2.3:h:mediatek:mt9012:-:::::::*
	cpe:2.3:h:mediatek:mt9016:-:::::::*
	cpe:2.3:h:mediatek:mt9020:-:::::::*
	cpe:2.3:h:mediatek:mt9021:-:::::::*
	cpe:2.3:h:mediatek:mt9022:-:::::::*
	cpe:2.3:h:mediatek:mt9215:-:::::::*
	cpe:2.3:h:mediatek:mt9216:-:::::::*
	cpe:2.3:h:mediatek:mt9221:-:::::::*
	cpe:2.3:h:mediatek:mt9222:-:::::::*
	cpe:2.3:h:mediatek:mt9255:-:::::::*
	cpe:2.3:h:mediatek:mt9256:-:::::::*
	cpe:2.3:h:mediatek:mt9266:-:::::::*
	cpe:2.3:h:mediatek:mt9269:-:::::::*
	cpe:2.3:h:mediatek:mt9285:-:::::::*
	cpe:2.3:h:mediatek:mt9286:-:::::::*
	cpe:2.3:h:mediatek:mt9600:-:::::::*
	cpe:2.3:h:mediatek:mt9602:-:::::::*
	cpe:2.3:h:mediatek:mt9610:-:::::::*
	cpe:2.3:h:mediatek:mt9612:-:::::::*
	cpe:2.3:h:mediatek:mt9613:-:::::::*
	cpe:2.3:h:mediatek:mt9615:-:::::::*
	cpe:2.3:h:mediatek:mt9617:-:::::::*
	cpe:2.3:h:mediatek:mt9629:-:::::::*
	cpe:2.3:h:mediatek:mt9630:-:::::::*
	cpe:2.3:h:mediatek:mt9631:-:::::::*
	cpe:2.3:h:mediatek:mt9632:-:::::::*
	cpe:2.3:h:mediatek:mt9633:-:::::::*
	cpe:2.3:h:mediatek:mt9636:-:::::::*
	cpe:2.3:h:mediatek:mt9638:-:::::::*
	cpe:2.3:h:mediatek:mt9639:-:::::::*
	cpe:2.3:h:mediatek:mt9649:-:::::::*
	cpe:2.3:h:mediatek:mt9650:-:::::::*
	cpe:2.3:h:mediatek:mt9652:-:::::::*
	cpe:2.3:h:mediatek:mt9653:-:::::::*
	cpe:2.3:h:mediatek:mt9660:-:::::::*
	cpe:2.3:h:mediatek:mt9666:-:::::::*
	cpe:2.3:h:mediatek:mt9667:-:::::::*
	cpe:2.3:h:mediatek:mt9669:-:::::::*
	cpe:2.3:h:mediatek:mt9670:-:::::::*
	cpe:2.3:h:mediatek:mt9671:-:::::::*
	cpe:2.3:h:mediatek:mt9675:-:::::::*
	cpe:2.3:h:mediatek:mt9679:-:::::::*
	cpe:2.3:h:mediatek:mt9685:-:::::::*
	cpe:2.3:h:mediatek:mt9686:-:::::::*
	cpe:2.3:h:mediatek:mt9688:-:::::::*
	cpe:2.3:h:mediatek:mt9900:-:::::::*
	cpe:2.3:h:mediatek:mt9901:-:::::::*
cpe:2.3:h:mediatek:mt9931:-:::::::*
cpe:2.3:h:mediatek:mt9950:-:::::::*
cpe:2.3:h:mediatek:mt9969:-:::::::*
cpe:2.3:h:mediatek:mt9970:-:::::::*
cpe:2.3:h:mediatek:mt9980:-:::::::*
cpe:2.3:h:mediatek:mt9981:-:::::::*

No data.

References

Link	Providers
https://corp.mediatek.com/product-security-bulletin/October-2023

History

Sat, 21 Sep 2024 16:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: MediaTek

Published: 2023-10-02T02:05:44.060Z

Updated: 2024-09-21T15:18:25.800Z

Reserved: 2023-05-16T03:04:32.150Z

Link: CVE-2023-32830

Vulnrichment

Updated: 2024-08-02T15:25:37.057Z

NVD

Status : Modified

Published: 2023-10-02T03:15:10.233

Modified: 2024-11-21T08:04:08.193

Link: CVE-2023-32830

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object