Headline
CVE-2023-20726: May 2023
In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only); Issue ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only).
May 2023 Product Security Bulletin
Published 2023-05-05
The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT and TV chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.
The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).
****Summary****
Severity
CVEs
High
CVE-2023-20726, CVE-2023-20694, CVE-2023-20695, CVE-2023-20696, CVE-2023-20697, CVE-2023-20698, CVE-2023-20699
Medium
CVE-2023-20700, CVE-2023-20701, CVE-2023-20703, CVE-2023-20704, CVE-2023-20705, CVE-2023-20706, CVE-2023-20707, CVE-2023-20708, CVE-2023-20709, CVE-2023-20710, CVE-2023-20711, CVE-2023-20717, CVE-2023-20718, CVE-2023-20719, CVE-2023-20720, CVE-2023-20721, CVE-2023-20722, CVE-2023-20673
****Details****
CVE
CVE-2023-20726
Title
Improper access control in mnld
Severity
High
Vulnerability Type
ID
CWE
CWE-284 Improper Access Control
Description
In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT2731, MT2735, MT2737, MT6580, MT6739, MT6761, MT6762, MT6765, MT6767, MT6768, MT6769, MT6771, MT6779, MT6781, MT6783, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6980, MT6980D, MT6983, MT6985, MT6990, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions
Android 11.0, 12.0, 13.0 / OpenWrt 19.07, 21.02 / Yocto 2.6, 3.3 / RDKB 2022Q3
CVE
CVE-2023-20694
Title
Improper input validation in preloader
Severity
High
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6739, MT6761, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6789, MT6853, MT6855, MT6873, MT6879, MT6880, MT6885, MT6890, MT6895, MT6983, MT8167, MT8175, MT8185, MT8195, MT8321, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions
Android 12.0, 13.0 / OpenWrt 19.07, 21.02
CVE
CVE-2023-20695
Title
Improper input validation in preloader
Severity
High
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6835, MT6880, MT6886, MT6890, MT6980, MT6985, MT6990, MT8167, MT8175, MT8185, MT8195, MT8321, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions
Android 13.0 / OpenWrt 19.07, 21.02
CVE
CVE-2023-20696
Title
Improper input validation in preloader
Severity
High
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6880, MT6890, MT8167, MT8175, MT8185, MT8195, MT8321, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions
Android 13.0 / OpenWrt 19.07, 21.02
CVE
CVE-2023-20697
Title
Improper input validation in keyinstall
Severity
High
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions
Android 11.0, 12.0, 13.0
CVE
CVE-2023-20698
Title
Improper input validation in keyinstall
Severity
High
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions
Android 11.0, 12.0, 13.0
CVE
CVE-2023-20699
Title
Improper input validation in adsp
Severity
High
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In adsp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6895, MT6983, MT8781, MT8791, MT8791T, MT8797
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20700
Title
Out-of-bounds write in widevine
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-787 Out-of-bounds Write
Description
In widevine, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8768, MT8786, MT8788, MT8789, MT8797
Affected Software Versions
Android 11.0, 12.0
CVE
CVE-2023-20701
Title
Out-of-bounds write in widevine
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-787 Out-of-bounds Write
Description
In widevine, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8768, MT8786, MT8788, MT8789, MT8797
Affected Software Versions
Android 11.0, 12.0
CVE
CVE-2023-20703
Title
Improper input validation in apu
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8183, MT8195
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20704
Title
Improper input validation in apu
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8183, MT8195
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20705
Title
Improper input validation in apu
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8183, MT8195
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20706
Title
Improper input validation in apu
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8183, MT8195
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20707
Title
Improper input validation in ril
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20708
Title
Improper input validation in keyinstall
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions
Android 11.0, 12.0, 13.0
CVE
CVE-2023-20709
Title
Improper input validation in keyinstall
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions
Android 11.0, 12.0, 13.0
CVE
CVE-2023-20710
Title
Improper input validation in keyinstall
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions
Android 11.0, 12.0, 13.0
CVE
CVE-2023-20711
Title
Improper input validation in keyinstall
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8667, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions
Android 11.0, 12.0, 13.0
CVE
CVE-2023-20717
Title
Exposure of sensitive information to an unauthorized actor in vcu
Severity
Medium
Vulnerability Type
ID
CWE
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Description
In vcu, there is a possible leak of dma buffer due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8175, MT8365, MT8786, MT8789, MT8791T, MT8797
Affected Software Versions
Android 11.0, 12.0, 13.0
CVE
CVE-2023-20718
Title
Improper input validation in vcu
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8175, MT8195, MT8365, MT8395, MT8673, MT8781, MT8786, MT8789, MT8791T, MT8797
Affected Software Versions
Android 11.0, 12.0, 13.0 / Iot-Yocto 22.2 (Yocto 4.0)
CVE
CVE-2023-20719
Title
Improper input validation in pqframework
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In pqframework, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6739, MT6761, MT6765, MT6768, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT6985, MT8167, MT8168, MT8195, MT8673
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20720
Title
Improper input validation in pqframework
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In pqframework, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6895, MT6983, MT8167, MT8168, MT8195, MT8673
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20721
Title
Improper input validation in isp
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In isp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6879, MT6895, MT6983, MT8195, MT8395, MT8673
Affected Software Versions
Android 12.0, 13.0 / Iot-Yocto 22.2 (Yocto 4.0)
CVE
CVE-2023-20722
Title
Improper input validation in m4u
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In m4u, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6765, MT6768, MT8768
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20673
Title
Incorrect comparison in vcu
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-697 Incorrect Comparison
Description
In vcu, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT5696, MT5836, MT5838, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8185, MT8195, MT8395, MT8781, MT8786, MT8789, MT8791, MT8797, MT9000, MT9023, MT9025, MT9618, MT9653, MT9687, MT9689, MT9902, MT9932, MT9952, MT9972, MT9982
Affected Software Versions
Android 11.0, 12.0, 13.0 / Iot-Yocto 22.2 (Yocto 4.0)
****Vulnerability Type Definition****
Abbreviation
Definition
RCE
Remote Code Execution
EoP
Elevation of Privilege
ID
Information Disclosure
DoS
Denial of Service
N/A
Classification not available
****Versions****
Version
Date
Description
1.0
May 5, 2023
Bulletin published.
****Notes****
Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.
If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.
Related news
In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-269014004
In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-269014004
In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-269014004
In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-269014004
In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-269014004
In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-269014004
In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-269014004