mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-12-16 10:44:41 +00:00
237 lines
8.5 KiB
JSON
237 lines
8.5 KiB
JSON
{
|
|
"id": "CVE-2025-20635",
|
|
"sourceIdentifier": "security@mediatek.com",
|
|
"published": "2025-02-03T04:15:08.540",
|
|
"lastModified": "2025-02-18T19:15:24.830",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09403752; Issue ID: MSV-2434."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "En V6 DA, existe una posible escritura fuera de los l\u00edmites debido a un neutra. Esto podr\u00eda provocar una escalada local de privilegios, si un atacante tiene acceso f\u00edsico al dispositivo, sin necesidad de privilegios de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS09403752; ID de problema: MSV-2434."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
|
"baseScore": 6.6,
|
|
"baseSeverity": "MEDIUM",
|
|
"attackVector": "PHYSICAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 0.7,
|
|
"impactScore": 5.9
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "security@mediatek.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-787"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-787"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A1488152-CC93-40DF-8D1F-BF33DC8444FF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:rdkcentral:rdk-b:2024q1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CB397DA1-62B3-48FD-B694-9FDA4DA25EDE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8538774C-906D-4B03-A3E7-FA7A55E0DA9E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4FA469E2-9E63-4C9A-8EBA-10C8C870063A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F0133207-2EED-4625-854F-8DB7770D5BF7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:openwrt:openwrt:22.03.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E4A72088-37C7-4820-B650-440FE4848BDD"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt2737:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9C2A1118-B5F7-4EF5-B329-0887B5F3430E"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "855A8046-34ED-4891-ACE5-76AB10AC8D53"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AD7DE6B2-66D9-4A3E-B15F-D56505559255"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DA2B6BB9-7544-41A7-BF3A-344AA4CC4B31"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B774B7D7-B7DD-43A0-833F-7E39DF82CA60"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://corp.mediatek.com/product-security-bulletin/February-2025",
|
|
"source": "security@mediatek.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |