CVE-2023-32832

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-32832
In video, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08235273; Issue ID: ALPS08235273.

7.0 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
http://packetstormsecurity.com/files/175662/Android-mtk_jpeg-Driver-Race-Condition-Privilege-Escalation.html
https://corp.mediatek.com/product-security-bulletin/November-2023 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
OR cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*
History

14 Nov 2023, 03:15

Type Values Removed Values Added
References
  • () http://packetstormsecurity.com/files/175662/Android-mtk_jpeg-Driver-Race-Condition-Privilege-Escalation.html -

13 Nov 2023, 18:51

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.0
References (MISC) https://corp.mediatek.com/product-security-bulletin/November-2023 - (MISC) https://corp.mediatek.com/product-security-bulletin/November-2023 - Vendor Advisory
CWE CWE-787
CPE cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
First Time Mediatek
Mediatek mt6883
Google
Mediatek mt6893
Mediatek mt8797
Mediatek mt6889
Mediatek mt6985
Mediatek mt6885
Mediatek mt6983
Google android
Mediatek mt8798
Mediatek mt6895

06 Nov 2023, 04:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-11-06 04:15

Updated : 2024-02-28 20:33

NVD link : CVE-2023-32832

Mitre link : CVE-2023-32832

CVE.ORG link : CVE-2023-32832

JSON object : View

Products Affected

mediatek

  • mt6883
  • mt6985
  • mt8798
  • mt6885
  • mt8797
  • mt6889
  • mt6895
  • mt6983
  • mt6893

google

  • android
CWE
CWE-787

Out-of-bounds Write


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024