CVE-2023-32821
https://notcve.org/view.php?id=CVE-2023-32821
In video, there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08013430; Issue ID: ALPS08013433. • https://corp.mediatek.com/product-security-bulletin/October-2023 • CWE-787: Out-of-bounds Write
CVE-2023-32820
https://notcve.org/view.php?id=CVE-2023-32820
In wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07932637; Issue ID: ALPS07932637. • https://corp.mediatek.com/product-security-bulletin/October-2023 • CWE-20: Improper Input Validation • CWE-617: Reachable Assertion
CVE-2023-32819
https://notcve.org/view.php?id=CVE-2023-32819
In display, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705; Issue ID: ALPS08014138. • https://corp.mediatek.com/product-security-bulletin/October-2023
CVE-2023-44129 – Messaging - Gaining access to arbitrary content providers via QClipIntentReceiverActivity
https://notcve.org/view.php?id=CVE-2023-44129
The vulnerability is that the Messaging ("com.android.mms") app patched by LG forwards attacker-controlled intents back to the attacker in the exported "com.android.mms.ui.QClipIntentReceiverActivity" activity. The attacker can abuse this functionality by launching this activity and then sending a broadcast with the "com.lge.message.action.QCLIP" action. The attacker can send, e.g., their own data/clipdata and set Intent.FLAG_GRANT_* flags. After the attacker receives that intent in the "onActivityResult()" method, they would have access to arbitrary content providers that have the `android:grantUriPermissions="true"` flag set. • https://lgsecurity.lge.com/bulletins/mobile#updateDetails • CWE-926: Improper Export of Android Application Components
CVE-2023-44128 – LGInstallService - Deletion of arbitrary files with system privilege
https://notcve.org/view.php?id=CVE-2023-44128
The vulnerability is the deletion of arbitrary files in the LGInstallService ("com.lge.lginstallservies") app. The app contains the exported "com.lge.lginstallservies.InstallService" service that exposes an AIDL interface. All its "installPackage*" methods ultimately call the "installPackageVerify()" method, which performs signature validation after the delete file method. An attacker can control conditions so this security check is never performed and an attacker-controlled file is deleted. • https://lgsecurity.lge.com/bulletins/mobile#updateDetails • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition