CVE-2023-32810
Description
An out-of-bounds read vulnerability in MediaTek Bluetooth driver due to improper input validation could allow local information disclosure with System privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An out-of-bounds read vulnerability in MediaTek Bluetooth driver due to improper input validation could allow local information disclosure with System privileges.
Vulnerability
The Bluetooth driver in MediaTek chipsets contains an out-of-bounds read vulnerability caused by improper input validation. This flaw is present in the bluetooth driver component and is identified by Patch ID ALPS07867212. The vulnerability affects MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT, Wi-Fi, TV, and Audio chipsets as summarized in the September 2023 Product Security Bulletin [1]. Specific affected versions are not listed in the available references, but the patch is included in the September 2023 security update.
Exploitation
Exploitation requires local access with System execution privileges. No user interaction is needed for exploitation. The attacker can trigger the out-of-bounds read by sending crafted input to the Bluetooth driver, leveraging the improper validation to read memory beyond the intended buffer.
Impact
A successful exploit leads to an information leak, allowing the attacker to read sensitive data from kernel memory. The impact is limited to information disclosure, as the vulnerability does not enable code execution or privilege escalation beyond the already required System privileges.
Mitigation
MediaTek released a security patch for this vulnerability as part of the September 2023 Product Security Bulletin [1]. Device OEMs have been notified at least two months prior to publication. Users should apply the latest security update from their device manufacturer. No workaround is provided in the available references.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- MediaTek, Inc./MT2713, MT5221, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6890, MT6893, MT6895, MT6983, MT8167, MT8168, MT8173, MT8175, MT8185, MT8188, MT8188T, MT8195, MT8321, MT8365, MT8385, MT8518S, MT8532, MT8666, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797v5Range: Android 12.0, 13.0 / RDK-B 22Q3 / Linux4.19 / Yocto 3.1, 3.3, 4.0
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1News mentions
0No linked articles in our index yet.