Headline
CVE-2023-20651: March 2023
In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629576; Issue ID: ALPS07629576.
March 2023 Product Security Bulletin
Published 2023-03-06
The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform and OTT chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.
The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).
****Summary****
Severity
CVEs
High
CVE-2023-20620, CVE-2023-20621, CVE-2023-20623
Medium
CVE-2023-20624, CVE-2023-20625, CVE-2023-20626, CVE-2023-20627, CVE-2023-20628, CVE-2023-20630, CVE-2023-20632, CVE-2023-20633, CVE-2023-20634, CVE-2023-20635, CVE-2023-20636, CVE-2023-20637, CVE-2023-20638, CVE-2023-20639, CVE-2023-20640, CVE-2023-20641, CVE-2023-20642, CVE-2023-20643, CVE-2023-20644, CVE-2023-20645, CVE-2023-20646, CVE-2023-20647, CVE-2023-20648, CVE-2023-20649, CVE-2023-20650, CVE-2023-20651
****Details****
CVE
CVE-2023-20620
Title
Time-of-check time-of-use (toctou) race condition in adsp
Severity
High
Vulnerability Type
EoP
CWE
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Description
In adsp, there is a possible escalation of privilege due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6879, MT6895, MT6983
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20621
Title
Improper input validation in tinysys
Severity
High
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In tinysys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6739, MT6761, MT6762, MT6765, MT6771, MT6789, MT6879, MT6883, MT6885, MT6893, MT6895, MT6983
Affected Software Versions
Android 10.0, 11.0, 12.0, 13.0
CVE
CVE-2023-20623
Title
Time-of-check time-of-use (toctou) race condition in ion
Severity
High
Vulnerability Type
EoP
CWE
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Description
In ion, there is a possible escalation of privilege due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8173, MT8532, MT8666, MT8667, MT8788
Affected Software Versions
Android 10.0, 11.0, 12.0 or Yocto 3.1, 3.3, 4.0
CVE
CVE-2023-20624
Title
Buffer copy without checking size of input (‘classic buffer overflow’) in vow
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-120 Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
Description
In vow, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6789, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6983, MT8781, MT8791, MT8791T, MT8797
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20625
Title
Improper synchronization in adsp
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-662 Improper Synchronization
Description
In adsp, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6739, MT6761, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8781, MT8791, MT8791T, MT8797
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20626
Title
Improper input validation in msdc
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In msdc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8785, MT8789, MT8791, MT8797
Affected Software Versions
Android 10.0, 11.0, 12.0
CVE
CVE-2023-20627
Title
Incorrect calculation of buffer size in pqframework
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-131 Incorrect Calculation of Buffer Size
Description
In pqframework, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6879, MT6895, MT6983, MT8167, MT8168
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20628
Title
Improper check or handling of exceptional conditions in thermal
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-703 Improper Check or Handling of Exceptional Conditions
Description
In thermal, there is a possible memory corruption due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8167, MT8167S, MT8168, MT8175, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20630
Title
Out-of-bounds write in usb
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-787 Out-of-bounds Write
Description
In usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6735, MT6739, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6885, MT6893, MT6895, MT6983, MT8167, MT8168, MT8666, MT8675
Affected Software Versions
Android 11.0, 12.0, 13.0
CVE
CVE-2023-20632
Title
Out-of-bounds write in usb
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-787 Out-of-bounds Write
Description
In usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6735, MT6739, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6885, MT6893, MT6895, MT6983, MT8167, MT8168, MT8666, MT8675
Affected Software Versions
Android 11.0, 12.0, 13.0
CVE
CVE-2023-20633
Title
Improper validation of array index in usb
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-129 Improper Validation of Array Index
Description
In usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6735, MT6739, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6885, MT6893, MT6895, MT6983, MT8167, MT8168, MT8666, MT8675
Affected Software Versions
Android 11.0, 12.0, 13.0
CVE
CVE-2023-20634
Title
Improper input validation in widevine
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In widevine, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8768, MT8786, MT8788, MT8789, MT8797
Affected Software Versions
Android 11.0, 12.0
CVE
CVE-2023-20635
Title
Integer underflow (wrap or wraparound) in keyinstall
Severity
Medium
Vulnerability Type
ID
CWE
CWE-191 Integer Underflow (Wrap or Wraparound)
Description
In keyinstall, there is a possible information disclosure due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions
Android 10.0, 11.0, 12.0, 13.0
CVE
CVE-2023-20636
Title
Improper input validation in display drm
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6895, MT6985, MT8168, MT8781
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20637
Title
Improper input validation in ril
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6879, MT6895, MT6983, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20638
Title
Improper input validation in ril
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6739, MT6753, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20639
Title
Improper input validation in ril
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6879, MT6895, MT6983, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20640
Title
Improper input validation in ril
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6879, MT6895, MT6983, MT8791, MT8791T, MT8797
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20641
Title
Improper input validation in ril
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6879, MT6895, MT6983, MT8791, MT8791T, MT8797
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20642
Title
Improper input validation in ril
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6879, MT6895, MT6983, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20643
Title
Improper input validation in ril
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6781, MT6785, MT6833, MT6853, MT6873, MT6875, MT6877, MT6891, MT6893, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20644
Title
Improper input validation in ril
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20645
Title
Improper input validation in ril
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6739, MT6761, MT6762, MT6763, MT6765, MT6769, MT6771, MT6779, MT6785, MT6789, MT6873, MT6875, MT6877, MT6879, MT6895, MT6983, MT8791, MT8791T, MT8797
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20646
Title
Improper input validation in ril
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20647
Title
Improper input validation in ril
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6739, MT6761, MT6762, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20648
Title
Improper input validation in ril
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20649
Title
Improper input validation in ril
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20650
Title
Improper input validation in apu
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In apu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20651
Title
Improper input validation in apu
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6853, MT6853T, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8195Z
Affected Software Versions
Android 12.0, 13.0
****Vulnerability Type Definition****
Abbreviation
Definition
RCE
Remote Code Execution
EoP
Elevation of Privilege
ID
Information Disclosure
DoS
Denial of Service
N/A
Classification not available
****Versions****
Version
Date
Description
1.0
March 6, 2023
Bulletin published.
****Notes****
Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.
If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.
Related news
In isBluetoothShareUri of BluetoothOppUtility.java, there is a possible incorrect file read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-225880741