{
  "id": "CVE-2023-32805",
  "sourceIdentifier": "security@mediatek.com",
  "published": "2023-09-04T03:15:12.140",
  "lastModified": "2024-11-21T08:04:03.750",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In power, there is a possible out of bounds write due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08102892; Issue ID: ALPS08102892."
    },
    {
      "lang": "es",
      "value": "En power, existe una posible escritura fuera de l\u00edmites debido a un valor predeterminado inseguro. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del sistema necesarios. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS08102892; ID del problema: ALPS08102892."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 0.6,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"
            },
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E6123A-7603-4EAB-AFFB-229E8A040709"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://corp.mediatek.com/product-security-bulletin/September-2023",
      "source": "security@mediatek.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://corp.mediatek.com/product-security-bulletin/September-2023",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}