CVE-2023-32840 - Vulnerability Details

In modem CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction may be also needed for exploitation Patch ID: MOLY01138425; Issue ID: MOLY01138425 (MSV-862).

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0003.

Key SSVC decision points have not yet been added.

Vendors	Products
Mediatek Subscribe	Lr12a Subscribe Mt2731 Subscribe Mt2735 Subscribe Mt6731 Subscribe Mt6739 Subscribe Mt6761 Subscribe Mt6762 Subscribe Mt6763 Subscribe Mt6765 Subscribe Mt6767 Subscribe Mt6768 Subscribe Mt6769 Subscribe Mt6769t Subscribe Mt6769z Subscribe Mt6771 Subscribe Mt6771t Subscribe Mt6813 Subscribe Mt6833 Subscribe Mt6833p Subscribe Mt6835 Subscribe Mt6853 Subscribe Mt6853t Subscribe Mt6855 Subscribe Mt6873 Subscribe Mt6875 Subscribe Mt6877 Subscribe Mt6877t Subscribe Mt6878 Subscribe Mt6879 Subscribe Mt6880 Subscribe Mt6883 Subscribe Mt6885 Subscribe Mt6886 Subscribe Mt6889 Subscribe Mt6890 Subscribe Mt6891 Subscribe Mt6893 Subscribe Mt6895 Subscribe Mt6895t Subscribe Mt6896 Subscribe Mt6897 Subscribe Mt6980 Subscribe Mt6980d Subscribe Mt6983t Subscribe Mt6983w Subscribe Mt6983z Subscribe Mt6985 Subscribe Mt6985t Subscribe Mt6989 Subscribe Mt6990 Subscribe Mt8666 Subscribe Mt8667 Subscribe Mt8673 Subscribe Mt8675 Subscribe Mt8765 Subscribe Mt8766 Subscribe Mt8768 Subscribe Mt8781 Subscribe Mt8786 Subscribe Mt8788 Subscribe Mt8789 Subscribe Mt8791 Subscribe Mt8791t Subscribe Mt8797 Subscribe Mt8798 Subscribe Nr15 Subscribe Nr16 Subscribe Nr17 Subscribe

Configuration 1 [-]

AND

OR	cpe:2.3:o:mediatek:lr12a:-:::::::*
	cpe:2.3:o:mediatek:nr15:-:::::::*
	cpe:2.3:o:mediatek:nr16:-:::::::*
	cpe:2.3:o:mediatek:nr17:-:::::::*

OR	cpe:2.3:h:mediatek:mt2731:-:::::::*
	cpe:2.3:h:mediatek:mt2735:-:::::::*
	cpe:2.3:h:mediatek:mt6731:-:::::::*
	cpe:2.3:h:mediatek:mt6739:-:::::::*
	cpe:2.3:h:mediatek:mt6761:-:::::::*
	cpe:2.3:h:mediatek:mt6762:-:::::::*
	cpe:2.3:h:mediatek:mt6763:-:::::::*
	cpe:2.3:h:mediatek:mt6765:-:::::::*
	cpe:2.3:h:mediatek:mt6767:-:::::::*
	cpe:2.3:h:mediatek:mt6768:-:::::::*
	cpe:2.3:h:mediatek:mt6769:-:::::::*
	cpe:2.3:h:mediatek:mt6769t:-:::::::*
	cpe:2.3:h:mediatek:mt6769z:-:::::::*
	cpe:2.3:h:mediatek:mt6771:-:::::::*
	cpe:2.3:h:mediatek:mt6771t:-:::::::*
	cpe:2.3:h:mediatek:mt6813:-:::::::*
	cpe:2.3:h:mediatek:mt6833:-:::::::*
	cpe:2.3:h:mediatek:mt6833p:-:::::::*
	cpe:2.3:h:mediatek:mt6835:-:::::::*
	cpe:2.3:h:mediatek:mt6853:-:::::::*
	cpe:2.3:h:mediatek:mt6853t:-:::::::*
	cpe:2.3:h:mediatek:mt6855:-:::::::*
	cpe:2.3:h:mediatek:mt6873:-:::::::*
	cpe:2.3:h:mediatek:mt6875:-:::::::*
	cpe:2.3:h:mediatek:mt6877:-:::::::*
	cpe:2.3:h:mediatek:mt6877t:-:::::::*
	cpe:2.3:h:mediatek:mt6878:-:::::::*
	cpe:2.3:h:mediatek:mt6879:-:::::::*
	cpe:2.3:h:mediatek:mt6880:-:::::::*
	cpe:2.3:h:mediatek:mt6883:-:::::::*
	cpe:2.3:h:mediatek:mt6885:-:::::::*
	cpe:2.3:h:mediatek:mt6886:-:::::::*
	cpe:2.3:h:mediatek:mt6889:-:::::::*
	cpe:2.3:h:mediatek:mt6890:-:::::::*
	cpe:2.3:h:mediatek:mt6891:-:::::::*
	cpe:2.3:h:mediatek:mt6893:-:::::::*
	cpe:2.3:h:mediatek:mt6895:-:::::::*
	cpe:2.3:h:mediatek:mt6895t:-:::::::*
	cpe:2.3:h:mediatek:mt6896:-:::::::*
	cpe:2.3:h:mediatek:mt6897:-:::::::*
	cpe:2.3:h:mediatek:mt6980:-:::::::*
	cpe:2.3:h:mediatek:mt6980d:-:::::::*
	cpe:2.3:h:mediatek:mt6983t:-:::::::*
	cpe:2.3:h:mediatek:mt6983w:-:::::::*
	cpe:2.3:h:mediatek:mt6983z:-:::::::*
	cpe:2.3:h:mediatek:mt6985:-:::::::*
	cpe:2.3:h:mediatek:mt6985t:-:::::::*
	cpe:2.3:h:mediatek:mt6989:-:::::::*
	cpe:2.3:h:mediatek:mt6990:-:::::::*
	cpe:2.3:h:mediatek:mt8666:-:::::::*
	cpe:2.3:h:mediatek:mt8667:-:::::::*
	cpe:2.3:h:mediatek:mt8673:-:::::::*
	cpe:2.3:h:mediatek:mt8675:-:::::::*
	cpe:2.3:h:mediatek:mt8765:-:::::::*
	cpe:2.3:h:mediatek:mt8766:-:::::::*
	cpe:2.3:h:mediatek:mt8768:-:::::::*
	cpe:2.3:h:mediatek:mt8781:-:::::::*
	cpe:2.3:h:mediatek:mt8786:-:::::::*
	cpe:2.3:h:mediatek:mt8788:-:::::::*
	cpe:2.3:h:mediatek:mt8789:-:::::::*
	cpe:2.3:h:mediatek:mt8791:-:::::::*
	cpe:2.3:h:mediatek:mt8791t:-:::::::*
	cpe:2.3:h:mediatek:mt8797:-:::::::*
	cpe:2.3:h:mediatek:mt8798:-:::::::*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-37061	In modem CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction may be also needed for exploitation Patch ID: MOLY01138425; Issue ID: MOLY01138425 (MSV-862).

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://corp.mediatek.com/product-security-bulletin/November-2023

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: MediaTek

Published: 2023-11-06T03:50:57.414Z

Updated: 2024-09-05T15:06:29.403Z

Reserved: 2023-05-16T03:04:32.153Z

Link: CVE-2023-32840

Vulnrichment

Updated: 2024-08-02T15:32:44.816Z

NVD

Status : Modified

Published: 2023-11-06T04:15:08.097

Modified: 2024-11-21T08:04:09.620

Link: CVE-2023-32840

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-787

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Affected Vendors & Products

Projects

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object