In venc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08737250; Issue ID: MSV-1452.
A CWE-843 type confusion error in the venc component causes data to be interpreted as a different type than it was allocated, enabling an out-of-bounds write to the allocated buffer memory. An attacker with System-level privileges can exploit this vulnerability without any user interaction. This results in the possibility of code execution with elevated privileges in the system context.
An attacker can cause local privilege escalation on the vulnerable device. Violation of confidentiality, integrity, and availability of the system is possible.
Apply patch with identifier ALPS08737250 (Issue ID: MSV-1452) available in the MediaTek security bulletin from July 2024. The update should be deployed according to the manufacturer's references: https://corp.mediatek.com/product-security-bulletin/July-2024
Devices running Google Android equipped with MediaTek MT6768 and MT6779 processors. Specific software versions are indicated in the manufacturer's references (MediaTek security bulletin from July 2024).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HGoogle Android
OSGoogle12.013.014.0Mediatek Mt6768
HWMediatekwszystkie wersjeMediatek Mt6779
HWMediatekwszystkie wersjeMediatek Mt8321
HWMediatekwszystkie wersjeMediatek Mt8385
HWMediatekwszystkie wersjeMediatek Mt8755
HWMediatekwszystkie wersjeMediatek Mt8765
HWMediatekwszystkie wersjeMediatek Mt8766
HWMediatekwszystkie wersjeMediatek Mt8768
HWMediatekwszystkie wersjeMediatek Mt8771
HWMediatekwszystkie wersjeMediatek Mt8775
HWMediatekwszystkie wersjeMediatek Mt8781
HWMediatekwszystkie wersjeMediatek Mt8786
HWMediatekwszystkie wersjeMediatek Mt8788
HWMediatekwszystkie wersjeMediatek Mt8789
HWMediatekwszystkie wersjeMediatek Mt8791t
HWMediatekwszystkie wersjeMediatek Mt8792
HWMediatekwszystkie wersjeMediatek Mt8795t
HWMediatekwszystkie wersjeMediatek Mt8796
HWMediatekwszystkie wersjeMediatek Mt8797
HWMediatekwszystkie wersjeMediatek Mt8798
HWMediatekwszystkie wersje
Related vulnerabilities
Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who ha...
Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application cr...
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...
Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed ...