From 14fc564de4519867b12789e5d9aa7b6ae5de801b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 4 Dec 2023 04:00:32 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/14xxx/CVE-2018-14628.json | 5 ++++ 2023/32xxx/CVE-2023-32841.json | 53 +++++++++++++++++++++++++++++++--- 2023/32xxx/CVE-2023-32842.json | 53 +++++++++++++++++++++++++++++++--- 2023/32xxx/CVE-2023-32843.json | 53 +++++++++++++++++++++++++++++++--- 2023/32xxx/CVE-2023-32844.json | 53 +++++++++++++++++++++++++++++++--- 2023/32xxx/CVE-2023-32845.json | 53 +++++++++++++++++++++++++++++++--- 2023/32xxx/CVE-2023-32846.json | 53 +++++++++++++++++++++++++++++++--- 2023/32xxx/CVE-2023-32847.json | 53 +++++++++++++++++++++++++++++++--- 2023/32xxx/CVE-2023-32848.json | 53 +++++++++++++++++++++++++++++++--- 2023/32xxx/CVE-2023-32849.json | 53 +++++++++++++++++++++++++++++++--- 2023/32xxx/CVE-2023-32850.json | 53 +++++++++++++++++++++++++++++++--- 2023/32xxx/CVE-2023-32851.json | 53 +++++++++++++++++++++++++++++++--- 2023/32xxx/CVE-2023-32852.json | 53 +++++++++++++++++++++++++++++++--- 2023/32xxx/CVE-2023-32853.json | 53 +++++++++++++++++++++++++++++++--- 2023/32xxx/CVE-2023-32854.json | 53 +++++++++++++++++++++++++++++++--- 2023/32xxx/CVE-2023-32855.json | 53 +++++++++++++++++++++++++++++++--- 2023/32xxx/CVE-2023-32856.json | 53 +++++++++++++++++++++++++++++++--- 2023/32xxx/CVE-2023-32857.json | 53 +++++++++++++++++++++++++++++++--- 2023/32xxx/CVE-2023-32858.json | 53 +++++++++++++++++++++++++++++++--- 2023/32xxx/CVE-2023-32859.json | 53 +++++++++++++++++++++++++++++++--- 2023/32xxx/CVE-2023-32860.json | 53 +++++++++++++++++++++++++++++++--- 2023/32xxx/CVE-2023-32861.json | 53 +++++++++++++++++++++++++++++++--- 2023/32xxx/CVE-2023-32862.json | 53 +++++++++++++++++++++++++++++++--- 2023/32xxx/CVE-2023-32863.json | 53 +++++++++++++++++++++++++++++++--- 2023/32xxx/CVE-2023-32864.json | 53 +++++++++++++++++++++++++++++++--- 2023/32xxx/CVE-2023-32865.json | 53 +++++++++++++++++++++++++++++++--- 2023/32xxx/CVE-2023-32866.json | 53 +++++++++++++++++++++++++++++++--- 2023/32xxx/CVE-2023-32867.json | 53 +++++++++++++++++++++++++++++++--- 2023/32xxx/CVE-2023-32868.json | 53 +++++++++++++++++++++++++++++++--- 2023/32xxx/CVE-2023-32869.json | 53 +++++++++++++++++++++++++++++++--- 2023/32xxx/CVE-2023-32870.json | 53 +++++++++++++++++++++++++++++++--- 2023/6xxx/CVE-2023-6111.json | 10 +++++++ 32 files changed, 1485 insertions(+), 120 deletions(-) diff --git a/2018/14xxx/CVE-2018-14628.json b/2018/14xxx/CVE-2018-14628.json index bb5eeeb45a8..8507db9c20d 100644 --- a/2018/14xxx/CVE-2018-14628.json +++ b/2018/14xxx/CVE-2018-14628.json @@ -73,6 +73,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DK57HQRTCDOZDIIICYWQ4Z5IQXTWVVW/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DK57HQRTCDOZDIIICYWQ4Z5IQXTWVVW/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVMYEP5KJRL3FWSCZW2MQZ26IVPXY62/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVMYEP5KJRL3FWSCZW2MQZ26IVPXY62/" } ] } diff --git a/2023/32xxx/CVE-2023-32841.json b/2023/32xxx/CVE-2023-32841.json index f0aff09c41a..414f59fe9ad 100644 --- a/2023/32xxx/CVE-2023-32841.json +++ b/2023/32xxx/CVE-2023-32841.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32841", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01128524 (MSV-846)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT2735, MT2737, MT6297, MT6298, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6980, MT6980D, MT6983, MT6985, MT6989, MT6990", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Modem NR15, NR16, and NR17" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/December-2023", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/December-2023" } ] } diff --git a/2023/32xxx/CVE-2023-32842.json b/2023/32xxx/CVE-2023-32842.json index 57abfa6cc55..dece36db65e 100644 --- a/2023/32xxx/CVE-2023-32842.json +++ b/2023/32xxx/CVE-2023-32842.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32842", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01130256; Issue ID: MOLY01130256 (MSV-848)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT2735, MT2737, MT6297, MT6298, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6980, MT6980D, MT6983, MT6985, MT6989, MT6990", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Modem NR15, NR16, and NR17" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/December-2023", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/December-2023" } ] } diff --git a/2023/32xxx/CVE-2023-32843.json b/2023/32xxx/CVE-2023-32843.json index 59b03a379e1..fa301cbac65 100644 --- a/2023/32xxx/CVE-2023-32843.json +++ b/2023/32xxx/CVE-2023-32843.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32843", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01130204; Issue ID: MOLY01130204 (MSV-849)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT2735, MT2737, MT6297, MT6298, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6980, MT6980D, MT6983, MT6985, MT6989, MT6990", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Modem NR15, NR16, and NR17" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/December-2023", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/December-2023" } ] } diff --git a/2023/32xxx/CVE-2023-32844.json b/2023/32xxx/CVE-2023-32844.json index 800e6771ec6..eaa55517a5d 100644 --- a/2023/32xxx/CVE-2023-32844.json +++ b/2023/32xxx/CVE-2023-32844.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32844", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01130183 (MSV-850)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT2735, MT2737, MT6297, MT6298, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6980, MT6980D, MT6983, MT6985, MT6989, MT6990", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Modem NR15, NR16, and NR17" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/December-2023", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/December-2023" } ] } diff --git a/2023/32xxx/CVE-2023-32845.json b/2023/32xxx/CVE-2023-32845.json index 26aaf84febc..f72f3dd59d9 100644 --- a/2023/32xxx/CVE-2023-32845.json +++ b/2023/32xxx/CVE-2023-32845.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32845", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01139296 (MSV-860)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT2735, MT2737, MT6297, MT6298, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6980, MT6980D, MT6983, MT6985, MT6989, MT6990", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Modem NR15, NR16, and NR17" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/December-2023", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/December-2023" } ] } diff --git a/2023/32xxx/CVE-2023-32846.json b/2023/32xxx/CVE-2023-32846.json index f79c299fda7..475ca874fd6 100644 --- a/2023/32xxx/CVE-2023-32846.json +++ b/2023/32xxx/CVE-2023-32846.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32846", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01138453 (MSV-861)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT2735, MT2737, MT6297, MT6298, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6980, MT6980D, MT6983, MT6985, MT6989, MT6990", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Modem NR15, NR16, and NR17" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/December-2023", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/December-2023" } ] } diff --git a/2023/32xxx/CVE-2023-32847.json b/2023/32xxx/CVE-2023-32847.json index 0c0f9e9ab88..7a294f94892 100644 --- a/2023/32xxx/CVE-2023-32847.json +++ b/2023/32xxx/CVE-2023-32847.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32847", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08241940; Issue ID: ALPS08241940." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT2713, MT6580, MT6739, MT6761, MT6762, MT6765, MT6779, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8175, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/December-2023", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/December-2023" } ] } diff --git a/2023/32xxx/CVE-2023-32848.json b/2023/32xxx/CVE-2023-32848.json index 008d3c4dffe..6e9b9099dc2 100644 --- a/2023/32xxx/CVE-2023-32848.json +++ b/2023/32xxx/CVE-2023-32848.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32848", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896; Issue ID: ALPS08163896." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6853, MT6873, MT6885", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 11.0, 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/December-2023", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/December-2023" } ] } diff --git a/2023/32xxx/CVE-2023-32849.json b/2023/32xxx/CVE-2023-32849.json index 615f2c9f92a..3b5545a98aa 100644 --- a/2023/32xxx/CVE-2023-32849.json +++ b/2023/32xxx/CVE-2023-32849.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32849", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In cmdq, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161758; Issue ID: ALPS08161758." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6781, MT6785, MT6833, MT6853, MT6873, MT6885, MT6889, MT6893, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8791, MT8791T, MT8797, MT8798", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 11.0, 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/December-2023", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/December-2023" } ] } diff --git a/2023/32xxx/CVE-2023-32850.json b/2023/32xxx/CVE-2023-32850.json index e17dfb9366e..8109709f601 100644 --- a/2023/32xxx/CVE-2023-32850.json +++ b/2023/32xxx/CVE-2023-32850.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32850", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In decoder, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08016659; Issue ID: ALPS08016659." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6781, MT6789, MT6833, MT6853, MT6855, MT6877, MT6879, MT6883, MT6885, MT6893, MT6895, MT6983, MT8167, MT8167S, MT8168, MT8175, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 11.0, 12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/December-2023", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/December-2023" } ] } diff --git a/2023/32xxx/CVE-2023-32851.json b/2023/32xxx/CVE-2023-32851.json index f1c98a48058..6c1d4d61e4e 100644 --- a/2023/32xxx/CVE-2023-32851.json +++ b/2023/32xxx/CVE-2023-32851.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32851", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08016652; Issue ID: ALPS08016652." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6781, MT6789, MT6833, MT6853, MT6855, MT6877, MT6879, MT6883, MT6885, MT6893, MT6895, MT6983, MT8167, MT8167S, MT8168, MT8175, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 11.0, 12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/December-2023", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/December-2023" } ] } diff --git a/2023/32xxx/CVE-2023-32852.json b/2023/32xxx/CVE-2023-32852.json index 4df77dfb728..f533618be86 100644 --- a/2023/32xxx/CVE-2023-32852.json +++ b/2023/32xxx/CVE-2023-32852.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32852", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In cameraisp, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07670971; Issue ID: ALPS07670971." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6779", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 11.0, 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/December-2023", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/December-2023" } ] } diff --git a/2023/32xxx/CVE-2023-32853.json b/2023/32xxx/CVE-2023-32853.json index ce9a1de8f9a..ca05e5e6669 100644 --- a/2023/32xxx/CVE-2023-32853.json +++ b/2023/32xxx/CVE-2023-32853.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32853", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In rpmb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648764; Issue ID: ALPS07648764." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6580, MT6739, MT6761, MT6765, MT6768, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8168, MT8321, MT8365", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/December-2023", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/December-2023" } ] } diff --git a/2023/32xxx/CVE-2023-32854.json b/2023/32xxx/CVE-2023-32854.json index 0200be1e812..e275f3b0a72 100644 --- a/2023/32xxx/CVE-2023-32854.json +++ b/2023/32xxx/CVE-2023-32854.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32854", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08240132; Issue ID: ALPS08240132." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6835, MT6879, MT6886, MT6895, MT6983, MT6985, MT8321, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/December-2023", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/December-2023" } ] } diff --git a/2023/32xxx/CVE-2023-32855.json b/2023/32xxx/CVE-2023-32855.json index 32b6704cfe9..85e2cc9f0c0 100644 --- a/2023/32xxx/CVE-2023-32855.json +++ b/2023/32xxx/CVE-2023-32855.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32855", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In aee, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07909204; Issue ID: ALPS07909204." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT2735, MT2737, MT6765, MT6768, MT6769, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6885, MT6889, MT6890, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8667, MT8765, MT8768, MT8786, MT8791, MT8791T, MT8791WIFI, MT8798", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 13.0 / OpenWrt 1907, 2102 / Yocto 2.6, 3.3, 4.0 / RDK-B 22Q3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/December-2023", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/December-2023" } ] } diff --git a/2023/32xxx/CVE-2023-32856.json b/2023/32xxx/CVE-2023-32856.json index 21367775734..1b218163d37 100644 --- a/2023/32xxx/CVE-2023-32856.json +++ b/2023/32xxx/CVE-2023-32856.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32856", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In display, there is a possible out of bounds read due to an incorrect status check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705; Issue ID: ALPS07993705." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6765, MT6768, MT6833, MT6879, MT6883, MT6885, MT6889, MT6893, MT6983, MT6985, MT8188, MT8195, MT8797, MT8798", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/December-2023", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/December-2023" } ] } diff --git a/2023/32xxx/CVE-2023-32857.json b/2023/32xxx/CVE-2023-32857.json index 089dbfb9d0a..14ae41cebed 100644 --- a/2023/32xxx/CVE-2023-32857.json +++ b/2023/32xxx/CVE-2023-32857.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32857", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In display, there is a possible out of bounds read due to an incorrect status check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705; Issue ID: ALPS07993710." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6765, MT6768, MT6833, MT6879, MT6883, MT6885, MT6889, MT6893, MT6983, MT6985, MT8188, MT8195, MT8797, MT8798", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/December-2023", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/December-2023" } ] } diff --git a/2023/32xxx/CVE-2023-32858.json b/2023/32xxx/CVE-2023-32858.json index 795e0f9ce76..4343f641ee9 100644 --- a/2023/32xxx/CVE-2023-32858.json +++ b/2023/32xxx/CVE-2023-32858.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32858", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In GZ, there is a possible information disclosure due to a missing data erasing. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07806008; Issue ID: ALPS07806008." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6761, MT6765, MT6771, MT6835, MT6886, MT6983, MT6985, MT8766, MT8768, MT8788", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/December-2023", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/December-2023" } ] } diff --git a/2023/32xxx/CVE-2023-32859.json b/2023/32xxx/CVE-2023-32859.json index cf366bbe417..20845008053 100644 --- a/2023/32xxx/CVE-2023-32859.json +++ b/2023/32xxx/CVE-2023-32859.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32859", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In meta, there is a possible classic buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08000473; Issue ID: ALPS08000473." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8188T, MT8195, MT8321, MT8362A, MT8365, MT8390, MT8395, MT8666, MT8675, MT8766, MT8768, MT8786, MT8788, MT8789, MT8797", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/December-2023", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/December-2023" } ] } diff --git a/2023/32xxx/CVE-2023-32860.json b/2023/32xxx/CVE-2023-32860.json index ec27aa6bed7..d305cfdb61a 100644 --- a/2023/32xxx/CVE-2023-32860.json +++ b/2023/32xxx/CVE-2023-32860.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32860", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In display, there is a possible classic buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929788; Issue ID: ALPS07929788." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/December-2023", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/December-2023" } ] } diff --git a/2023/32xxx/CVE-2023-32861.json b/2023/32xxx/CVE-2023-32861.json index 2ff97cf4dbb..c4c487f2996 100644 --- a/2023/32xxx/CVE-2023-32861.json +++ b/2023/32xxx/CVE-2023-32861.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32861", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In display, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08059081; Issue ID: ALPS08059081." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8167, MT8168, MT8188, MT8195, MT8673", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/December-2023", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/December-2023" } ] } diff --git a/2023/32xxx/CVE-2023-32862.json b/2023/32xxx/CVE-2023-32862.json index 41aa2821022..dfd3fe93c47 100644 --- a/2023/32xxx/CVE-2023-32862.json +++ b/2023/32xxx/CVE-2023-32862.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32862", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In display, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388762; Issue ID: ALPS07388762." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8168, MT8188, MT8195, MT8781", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/December-2023", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/December-2023" } ] } diff --git a/2023/32xxx/CVE-2023-32863.json b/2023/32xxx/CVE-2023-32863.json index 7d1e4e03ee1..84cc285b345 100644 --- a/2023/32xxx/CVE-2023-32863.json +++ b/2023/32xxx/CVE-2023-32863.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32863", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In display drm, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326314; Issue ID: ALPS07326314." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8781", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/December-2023", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/December-2023" } ] } diff --git a/2023/32xxx/CVE-2023-32864.json b/2023/32xxx/CVE-2023-32864.json index 75f358a9478..ab903a6a195 100644 --- a/2023/32xxx/CVE-2023-32864.json +++ b/2023/32xxx/CVE-2023-32864.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32864", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In display drm, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292187; Issue ID: ALPS07292187." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8168, MT8195, MT8781", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/December-2023", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/December-2023" } ] } diff --git a/2023/32xxx/CVE-2023-32865.json b/2023/32xxx/CVE-2023-32865.json index 34239e26fe6..1161592a3c1 100644 --- a/2023/32xxx/CVE-2023-32865.json +++ b/2023/32xxx/CVE-2023-32865.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32865", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In display drm, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363456; Issue ID: ALPS07363456." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8168, MT8781", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/December-2023", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/December-2023" } ] } diff --git a/2023/32xxx/CVE-2023-32866.json b/2023/32xxx/CVE-2023-32866.json index b6ffe5c4a81..6247e1bf058 100644 --- a/2023/32xxx/CVE-2023-32866.json +++ b/2023/32xxx/CVE-2023-32866.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32866", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In mmp, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07342152; Issue ID: ALPS07342152." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8188, MT8195, MT8781", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/December-2023", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/December-2023" } ] } diff --git a/2023/32xxx/CVE-2023-32867.json b/2023/32xxx/CVE-2023-32867.json index bd178ed9014..e330bf984d6 100644 --- a/2023/32xxx/CVE-2023-32867.json +++ b/2023/32xxx/CVE-2023-32867.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32867", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560793; Issue ID: ALPS07560793." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8188, MT8195, MT8673, MT8781", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/December-2023", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/December-2023" } ] } diff --git a/2023/32xxx/CVE-2023-32868.json b/2023/32xxx/CVE-2023-32868.json index c38d0f6a2b1..a33014d3a9d 100644 --- a/2023/32xxx/CVE-2023-32868.json +++ b/2023/32xxx/CVE-2023-32868.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32868", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363632; Issue ID: ALPS07363632." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8188, MT8195, MT8673, MT8781", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/December-2023", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/December-2023" } ] } diff --git a/2023/32xxx/CVE-2023-32869.json b/2023/32xxx/CVE-2023-32869.json index d9a30e570db..ea4bec8d724 100644 --- a/2023/32xxx/CVE-2023-32869.json +++ b/2023/32xxx/CVE-2023-32869.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32869", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363632; Issue ID: ALPS07363689." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8188, MT8195, MT8673, MT8781", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/December-2023", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/December-2023" } ] } diff --git a/2023/32xxx/CVE-2023-32870.json b/2023/32xxx/CVE-2023-32870.json index ab60b98e5c1..eca31fdb25b 100644 --- a/2023/32xxx/CVE-2023-32870.json +++ b/2023/32xxx/CVE-2023-32870.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32870", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In display drm, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363740; Issue ID: ALPS07363740." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8168, MT8183, MT8188, MT8195, MT8673, MT8781", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://corp.mediatek.com/product-security-bulletin/December-2023", + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/December-2023" } ] } diff --git a/2023/6xxx/CVE-2023-6111.json b/2023/6xxx/CVE-2023-6111.json index f041ed87056..506e6f0efdd 100644 --- a/2023/6xxx/CVE-2023-6111.json +++ b/2023/6xxx/CVE-2023-6111.json @@ -64,6 +64,16 @@ "url": "https://kernel.dance/93995bf4af2c5a99e2a87f0cd5ce547d31eb7630", "refsource": "MISC", "name": "https://kernel.dance/93995bf4af2c5a99e2a87f0cd5ce547d31eb7630" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IG6IF3FUY7LVZJMFRPANAU4L4PSJ3ESQ/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IG6IF3FUY7LVZJMFRPANAU4L4PSJ3ESQ/" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQ7JVDEDZV5SNHG5EW7RHKK2ZN56HSGB/", + "refsource": "MISC", + "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQ7JVDEDZV5SNHG5EW7RHKK2ZN56HSGB/" } ] },