6.7

CVE-2023-32828

In vpu, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767817; Issue ID: ALPS07767817.

Data is provided by the National Vulnerability Database (NVD)
MediatekIot Yocto Version23.0
   MediatekMt6771 Version-
   MediatekMt6779 Version-
   MediatekMt6785 Version-
   MediatekMt6853 Version-
   MediatekMt6853t Version-
   MediatekMt6873 Version-
   MediatekMt6877 Version-
   MediatekMt6885 Version-
   MediatekMt6891 Version-
   MediatekMt6893 Version-
   MediatekMt8183 Version-
   MediatekMt8188 Version-
   MediatekMt8195 Version-
   MediatekMt8390 Version-
   MediatekMt8395 Version-
GoogleAndroid Version12.0
   MediatekMt6771 Version-
   MediatekMt6779 Version-
   MediatekMt6785 Version-
   MediatekMt6853 Version-
   MediatekMt6853t Version-
   MediatekMt6873 Version-
   MediatekMt6877 Version-
   MediatekMt6885 Version-
   MediatekMt6891 Version-
   MediatekMt6893 Version-
   MediatekMt8183 Version-
   MediatekMt8188 Version-
   MediatekMt8195 Version-
   MediatekMt8390 Version-
   MediatekMt8395 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.03% 0.077
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.