Description
In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2059.
CVSS breakdown
CVSS 3.1
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
Low
Affected products
- MediaTek, Inc. / MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8167S, MT8175, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8678, MT8765, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798, MT8893Android 12.0, 13.0, 14.0, 15.0 – Android 12.0, 13.0, 14.0, 15.0