Headline
CVE-2023-20727: June 2023
In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588531; Issue ID: ALPS07588531.
June 2023 Product Security Bulletin
Published 2023-06-06
The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT, Wi-Fi and TV chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.
The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).
****Summary****
Severity
CVEs
Medium
CVE-2023-20727, CVE-2023-20728, CVE-2023-20729, CVE-2023-20730, CVE-2023-20731, CVE-2023-20732, CVE-2023-20733, CVE-2023-20734, CVE-2023-20735, CVE-2023-20736, CVE-2023-20737, CVE-2023-20738, CVE-2023-20739, CVE-2023-20740, CVE-2023-20741, CVE-2023-20742, CVE-2023-20743, CVE-2023-20744, CVE-2023-20745, CVE-2023-20746, CVE-2023-20747, CVE-2023-20749, CVE-2023-20750, CVE-2023-20751, CVE-2023-20752, CVE-2023-20712, CVE-2023-20715, CVE-2023-20716, CVE-2023-20723, CVE-2023-20724, CVE-2023-20725
****Details****
CVE
CVE-2023-20727
Title
Improper input validation in wlan
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6789, MT6835, MT6855, MT6879, MT6886, MT6895, MT6983, MT6985, MT8168, MT8365, MT8695, MT8766, MT8768, MT8781, MT8786, MT8789, MT8791T, MT8797
Affected Software Versions
Android 12.0, 13.0 / Yocto 4.0
CVE
CVE-2023-20728
Title
Improper input validation in wlan
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6781, MT6789, MT6833, MT6835, MT6855, MT6877, MT6879, MT6886, MT6895, MT6983, MT6985, MT7663, MT7668, MT7902, MT7921, MT8167S, MT8168, MT8175, MT8185, MT8195, MT8362A, MT8365, MT8385, MT8395, MT8518, MT8532, MT8673, MT8675, MT8695, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions
Android 12.0, 13.0 / Yocto 3.1, 3.3, 4.0
CVE
CVE-2023-20729
Title
Improper input validation in wlan
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6985, MT7902, MT7921, MT8365, MT8518, MT8532
Affected Software Versions
Android 13.0 / Yocto 3.1, 3.3, 4.0
CVE
CVE-2023-20730
Title
Improper input validation in wlan
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6985, MT7902, MT7921, MT8365, MT8518, MT8532
Affected Software Versions
Android 13.0 / Yocto 3.1, 3.3, 4.0
CVE
CVE-2023-20731
Title
Improper input validation in wlan
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT7663, MT7668, MT7902, MT7921, MT8167, MT8167S, MT8173, MT8175, MT8195, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8666, MT8695, MT8781, MT8788
Affected Software Versions
Android 12.0, 13.0 / Yocto 3.1,3.3,4.0
CVE
CVE-2023-20732
Title
Improper input validation in wlan
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT7663, MT7668, MT7902, MT7921, MT8167, MT8167S, MT8173, MT8175, MT8195, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8666, MT8695, MT8781, MT8788
Affected Software Versions
Android 12.0, 13.0 / Yocto 3.1,3.3,4.0
CVE
CVE-2023-20733
Title
Improper synchronization in vcu
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-662 Improper Synchronization
Description
In vcu, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8365, MT8395
Affected Software Versions
Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2
CVE
CVE-2023-20734
Title
Improper input validation in vcu
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT5696, MT5836, MT5838, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8365, MT8395, MT9000, MT9015, MT9023, MT9025, MT9618, MT9649, MT9653, MT9679, MT9687, MT9689, MT9902, MT9932, MT9952, MT9972, MT9982
Affected Software Versions
Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2
CVE
CVE-2023-20735
Title
Improper input validation in vcu
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT5696, MT5836, MT5838, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8175, MT8195, MT8365, MT8395, MT8673, MT8781, MT8786, MT8789, MT8791T, MT8797, MT9000, MT9015, MT9023, MT9025, MT9618, MT9649, MT9653, MT9679, MT9687, MT9689, MT9902, MT9932, MT9952, MT9972, MT9982
Affected Software Versions
Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2
CVE
CVE-2023-20736
Title
Improper synchronization in vcu
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-662 Improper Synchronization
Description
In vcu, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8365, MT8395
Affected Software Versions
Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2
CVE
CVE-2023-20737
Title
Improper synchronization in vcu
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-662 Improper Synchronization
Description
In vcu, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8365, MT8395
Affected Software Versions
Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2
CVE
CVE-2023-20738
Title
Improper input validation in vcu
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT5696, MT5836, MT5838, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8175, MT8195, MT8365, MT8395, MT8673, MT8781, MT8786, MT8789, MT8791T, MT8797, MT9000, MT9015, MT9023, MT9025, MT9618, MT9649, MT9653, MT9679, MT9687, MT9689, MT9902, MT9932, MT9952, MT9972, MT9982
Affected Software Versions
Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2
CVE
CVE-2023-20739
Title
Concurrent execution using shared resource with improper synchronization (‘race condition’) in vcu
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-662 Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)
Description
In vcu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8167, MT8168, MT8173, MT8185, MT8321, MT8365, MT8395, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions
Android 12.0 / Yocto 4.0 / Iot-Yocto 22.2
CVE
CVE-2023-20740
Title
Concurrent execution using shared resource with improper synchronization (‘race condition’) in vcu
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-662 Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)
Description
In vcu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8167, MT8168, MT8173, MT8185, MT8321, MT8365, MT8395, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions
Android 12.0 / Yocto 4.0 / Iot-Yocto 22.2
CVE
CVE-2023-20741
Title
Improper input validation in ril
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20742
Title
Improper input validation in ril
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20743
Title
Improper synchronization in vcu
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-662 Improper Synchronization
Description
In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6789, MT6855, MT8185, MT8195, MT8365, MT8395, MT8781, MT8786, MT8789, MT8791, MT8797
Affected Software Versions
Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2
CVE
CVE-2023-20744
Title
Improper synchronization in vcu
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-662 Improper Synchronization
Description
In vcu, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6789, MT6855, MT8185, MT8195, MT8365, MT8395, MT8781, MT8786, MT8789, MT8791, MT8797
Affected Software Versions
Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2
CVE
CVE-2023-20745
Title
Improper synchronization in vcu
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-662 Improper Synchronization
Description
In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6789, MT6855, MT8185, MT8195, MT8365, MT8395, MT8781, MT8786, MT8789, MT8791, MT8797
Affected Software Versions
Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2
CVE
CVE-2023-20746
Title
Improper synchronization in vcu
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-662 Improper Synchronization
Description
In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6789, MT6855, MT8167, MT8168, MT8173, MT8185, MT8195, MT8321, MT8365, MT8395, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions
Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2
CVE
CVE-2023-20747
Title
Access of resource using incompatible type (‘type confusion’) in vcu
Severity
Medium
Vulnerability Type
DoS
CWE
CWE-843 Access of Resource Using Incompatible Type (‘Type Confusion’)
Description
In vcu, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT5696, MT5836, MT5838, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8185, MT8195, MT8365, MT8781, MT8786, MT8789, MT8791, MT8797, MT9000, MT9015, MT9023, MT9025, MT9618, MT9649, MT9653, MT9679, MT9687, MT9689, MT9902, MT9932, MT9952, MT9972, MT9982
Affected Software Versions
Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2
CVE
CVE-2023-20749
Title
Improper input validation in swpm
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In swpm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6789, MT6835, MT6855, MT6879, MT6886, MT6893, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8175, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8791T, MT8797
Affected Software Versions
Android 13.0
CVE
CVE-2023-20750
Title
Improper input validation in swpm
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In swpm, there is a possible out of bounds write due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6835, MT6886, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8175, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8791T, MT8797
Affected Software Versions
Android 13.0
CVE
CVE-2023-20751
Title
Out-of-bounds write in keymanage
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-787 Out-of-bounds Write
Description
In keymange, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT8167, MT8167S, MT8168, MT8175, MT8195, MT8362A, MT8365
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20752
Title
Out-of-bounds write in keymanage
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-787 Out-of-bounds Write
Description
In keymange, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT8167, MT8167S, MT8168, MT8175, MT8195, MT8362A, MT8365
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20712
Title
Improper input validation in wlan
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT5221, MT6789, MT6855, MT6879, MT6895, MT6983, MT7663, MT7668, MT7902, MT7921, MT8167S, MT8168, MT8175, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8673, MT8695, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions
Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2 / Linux 4.19 (For MT5221 only)
CVE
CVE-2023-20715
Title
Improper input validation in wlan
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT5221, MT6789, MT6855, MT6879, MT6895, MT6983, MT7663, MT7668, MT7902, MT7921, MT8167S, MT8168, MT8175, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8673, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions
Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2 / Linux 4.19 (For MT5221 only)
CVE
CVE-2023-20716
Title
Improper input validation in wlan
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT5221, MT6789, MT6855, MT6879, MT6895, MT6983, MT7663, MT7668, MT7902, MT7921, MT8167S, MT8168, MT8175, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8673, MT8695, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions
Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2 / Linux 4.19 (For MT5221 only)
CVE
CVE-2023-20723
Title
Out-of-bounds read in Bluetooth
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-125 Out-of-bounds Read
Description
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT8167, MT8175, MT8183
Affected Software Versions
Android 11.0, 12.0, 13.0
CVE
CVE-2023-20724
Title
Out-of-bounds read in Bluetooth
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-125 Out-of-bounds Read
Description
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT8167, MT8175, MT8183
Affected Software Versions
Android 11.0, 12.0, 13.0
CVE
CVE-2023-20725
Title
Improper input validation in preloader
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8167, MT8175, MT8195, MT8365, MT8385, MT8673, MT8781, MT8788, MT8789
Affected Software Versions
Android 12.0, 13.0 / OpenWrt 19.07, 21.02 / RDK-B 2022Q3
****Vulnerability Type Definition****
Abbreviation
Definition
RCE
Remote Code Execution
EoP
Elevation of Privilege
ID
Information Disclosure
DoS
Denial of Service
N/A
Classification not available
****Versions****
Version
Date
Description
1.0
June 6, 2023
Bulletin published.
****Notes****
Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.
If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.