CVE-2023-32876

Vulnerability

In the keyInstall function on multiple MediaTek chipsets, a missing bounds check allows reading out-of-bounds memory. The affected chipset list includes MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, and many others as detailed in the January 2024 MediaTek security bulletin [1]. The vulnerability is identified as CVE-2023-32876 (medium severity) and requires System execution privileges to exploit [1].

Exploitation

An attacker who has already obtained System access (e.g., through another exploit) can trigger the out-of-bounds read in keyInstall without any user interaction. No network access or additional privileges are needed beyond System-level execution [1]. The exploitation must be performed locally on the device.

Impact

Successful exploitation leads to local information disclosure, potentially exposing sensitive data stored in kernel or secure memory regions that are accessible through the out-of-bounds read. The attacker gains access to information they would not normally be able to read even with System privileges, but does not achieve code execution or privilege escalation beyond the already-held System level [1].

Mitigation

MediaTek released a security patch (ID: ALPS08308612) in the January 2024 Product Security Bulletin [1]. Device OEMs were notified at least two months before publication; end users should apply the latest firmware update from their device manufacturer. No workaround is available without the patch.