Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-20727: June 2023

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588531; Issue ID: ALPS07588531.

CVE
#vulnerability#web#android#linux#dos#rce#wifi

June 2023 Product Security Bulletin

Published 2023-06-06

The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT, Wi-Fi and TV chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.

The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).

****Summary****

Severity

CVEs

Medium

CVE-2023-20727, CVE-2023-20728, CVE-2023-20729, CVE-2023-20730, CVE-2023-20731, CVE-2023-20732, CVE-2023-20733, CVE-2023-20734, CVE-2023-20735, CVE-2023-20736, CVE-2023-20737, CVE-2023-20738, CVE-2023-20739, CVE-2023-20740, CVE-2023-20741, CVE-2023-20742, CVE-2023-20743, CVE-2023-20744, CVE-2023-20745, CVE-2023-20746, CVE-2023-20747, CVE-2023-20749, CVE-2023-20750, CVE-2023-20751, CVE-2023-20752, CVE-2023-20712, CVE-2023-20715, CVE-2023-20716, CVE-2023-20723, CVE-2023-20724, CVE-2023-20725

****Details****

CVE

CVE-2023-20727

Title

Improper input validation in wlan

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6789, MT6835, MT6855, MT6879, MT6886, MT6895, MT6983, MT6985, MT8168, MT8365, MT8695, MT8766, MT8768, MT8781, MT8786, MT8789, MT8791T, MT8797

Affected Software Versions

Android 12.0, 13.0 / Yocto 4.0

CVE

CVE-2023-20728

Title

Improper input validation in wlan

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6781, MT6789, MT6833, MT6835, MT6855, MT6877, MT6879, MT6886, MT6895, MT6983, MT6985, MT7663, MT7668, MT7902, MT7921, MT8167S, MT8168, MT8175, MT8185, MT8195, MT8362A, MT8365, MT8385, MT8395, MT8518, MT8532, MT8673, MT8675, MT8695, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797

Affected Software Versions

Android 12.0, 13.0 / Yocto 3.1, 3.3, 4.0

CVE

CVE-2023-20729

Title

Improper input validation in wlan

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6985, MT7902, MT7921, MT8365, MT8518, MT8532

Affected Software Versions

Android 13.0 / Yocto 3.1, 3.3, 4.0

CVE

CVE-2023-20730

Title

Improper input validation in wlan

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6985, MT7902, MT7921, MT8365, MT8518, MT8532

Affected Software Versions

Android 13.0 / Yocto 3.1, 3.3, 4.0

CVE

CVE-2023-20731

Title

Improper input validation in wlan

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT7663, MT7668, MT7902, MT7921, MT8167, MT8167S, MT8173, MT8175, MT8195, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8666, MT8695, MT8781, MT8788

Affected Software Versions

Android 12.0, 13.0 / Yocto 3.1,3.3,4.0

CVE

CVE-2023-20732

Title

Improper input validation in wlan

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT7663, MT7668, MT7902, MT7921, MT8167, MT8167S, MT8173, MT8175, MT8195, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8666, MT8695, MT8781, MT8788

Affected Software Versions

Android 12.0, 13.0 / Yocto 3.1,3.3,4.0

CVE

CVE-2023-20733

Title

Improper synchronization in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Improper Synchronization

Description

In vcu, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8365, MT8395

Affected Software Versions

Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2

CVE

CVE-2023-20734

Title

Improper input validation in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT5696, MT5836, MT5838, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8365, MT8395, MT9000, MT9015, MT9023, MT9025, MT9618, MT9649, MT9653, MT9679, MT9687, MT9689, MT9902, MT9932, MT9952, MT9972, MT9982

Affected Software Versions

Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2

CVE

CVE-2023-20735

Title

Improper input validation in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT5696, MT5836, MT5838, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8175, MT8195, MT8365, MT8395, MT8673, MT8781, MT8786, MT8789, MT8791T, MT8797, MT9000, MT9015, MT9023, MT9025, MT9618, MT9649, MT9653, MT9679, MT9687, MT9689, MT9902, MT9932, MT9952, MT9972, MT9982

Affected Software Versions

Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2

CVE

CVE-2023-20736

Title

Improper synchronization in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Improper Synchronization

Description

In vcu, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8365, MT8395

Affected Software Versions

Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2

CVE

CVE-2023-20737

Title

Improper synchronization in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Improper Synchronization

Description

In vcu, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8365, MT8395

Affected Software Versions

Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2

CVE

CVE-2023-20738

Title

Improper input validation in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT5696, MT5836, MT5838, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8175, MT8195, MT8365, MT8395, MT8673, MT8781, MT8786, MT8789, MT8791T, MT8797, MT9000, MT9015, MT9023, MT9025, MT9618, MT9649, MT9653, MT9679, MT9687, MT9689, MT9902, MT9932, MT9952, MT9972, MT9982

Affected Software Versions

Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2

CVE

CVE-2023-20739

Title

Concurrent execution using shared resource with improper synchronization (‘race condition’) in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)

Description

In vcu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8167, MT8168, MT8173, MT8185, MT8321, MT8365, MT8395, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797

Affected Software Versions

Android 12.0 / Yocto 4.0 / Iot-Yocto 22.2

CVE

CVE-2023-20740

Title

Concurrent execution using shared resource with improper synchronization (‘race condition’) in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)

Description

In vcu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8167, MT8168, MT8173, MT8185, MT8321, MT8365, MT8395, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797

Affected Software Versions

Android 12.0 / Yocto 4.0 / Iot-Yocto 22.2

CVE

CVE-2023-20741

Title

Improper input validation in ril

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797

Affected Software Versions

Android 12.0, 13.0

CVE

CVE-2023-20742

Title

Improper input validation in ril

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797

Affected Software Versions

Android 12.0, 13.0

CVE

CVE-2023-20743

Title

Improper synchronization in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Improper Synchronization

Description

In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6789, MT6855, MT8185, MT8195, MT8365, MT8395, MT8781, MT8786, MT8789, MT8791, MT8797

Affected Software Versions

Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2

CVE

CVE-2023-20744

Title

Improper synchronization in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Improper Synchronization

Description

In vcu, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6789, MT6855, MT8185, MT8195, MT8365, MT8395, MT8781, MT8786, MT8789, MT8791, MT8797

Affected Software Versions

Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2

CVE

CVE-2023-20745

Title

Improper synchronization in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Improper Synchronization

Description

In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6789, MT6855, MT8185, MT8195, MT8365, MT8395, MT8781, MT8786, MT8789, MT8791, MT8797

Affected Software Versions

Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2

CVE

CVE-2023-20746

Title

Improper synchronization in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Improper Synchronization

Description

In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6789, MT6855, MT8167, MT8168, MT8173, MT8185, MT8195, MT8321, MT8365, MT8395, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797

Affected Software Versions

Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2

CVE

CVE-2023-20747

Title

Access of resource using incompatible type (‘type confusion’) in vcu

Severity

Medium

Vulnerability Type

DoS

CWE

CWE-843 Access of Resource Using Incompatible Type (‘Type Confusion’)

Description

In vcu, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT5696, MT5836, MT5838, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8185, MT8195, MT8365, MT8781, MT8786, MT8789, MT8791, MT8797, MT9000, MT9015, MT9023, MT9025, MT9618, MT9649, MT9653, MT9679, MT9687, MT9689, MT9902, MT9932, MT9952, MT9972, MT9982

Affected Software Versions

Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2

CVE

CVE-2023-20749

Title

Improper input validation in swpm

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In swpm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6789, MT6835, MT6855, MT6879, MT6886, MT6893, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8175, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8791T, MT8797

Affected Software Versions

Android 13.0

CVE

CVE-2023-20750

Title

Improper input validation in swpm

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In swpm, there is a possible out of bounds write due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6835, MT6886, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8175, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8791T, MT8797

Affected Software Versions

Android 13.0

CVE

CVE-2023-20751

Title

Out-of-bounds write in keymanage

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

In keymange, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8167, MT8167S, MT8168, MT8175, MT8195, MT8362A, MT8365

Affected Software Versions

Android 12.0, 13.0

CVE

CVE-2023-20752

Title

Out-of-bounds write in keymanage

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

In keymange, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8167, MT8167S, MT8168, MT8175, MT8195, MT8362A, MT8365

Affected Software Versions

Android 12.0, 13.0

CVE

CVE-2023-20712

Title

Improper input validation in wlan

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT5221, MT6789, MT6855, MT6879, MT6895, MT6983, MT7663, MT7668, MT7902, MT7921, MT8167S, MT8168, MT8175, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8673, MT8695, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2 / Linux 4.19 (For MT5221 only)

CVE

CVE-2023-20715

Title

Improper input validation in wlan

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT5221, MT6789, MT6855, MT6879, MT6895, MT6983, MT7663, MT7668, MT7902, MT7921, MT8167S, MT8168, MT8175, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8673, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2 / Linux 4.19 (For MT5221 only)

CVE

CVE-2023-20716

Title

Improper input validation in wlan

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT5221, MT6789, MT6855, MT6879, MT6895, MT6983, MT7663, MT7668, MT7902, MT7921, MT8167S, MT8168, MT8175, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8673, MT8695, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8797

Affected Software Versions

Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2 / Linux 4.19 (For MT5221 only)

CVE

CVE-2023-20723

Title

Out-of-bounds read in Bluetooth

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-125 Out-of-bounds Read

Description

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8167, MT8175, MT8183

Affected Software Versions

Android 11.0, 12.0, 13.0

CVE

CVE-2023-20724

Title

Out-of-bounds read in Bluetooth

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-125 Out-of-bounds Read

Description

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8167, MT8175, MT8183

Affected Software Versions

Android 11.0, 12.0, 13.0

CVE

CVE-2023-20725

Title

Improper input validation in preloader

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8167, MT8175, MT8195, MT8365, MT8385, MT8673, MT8781, MT8788, MT8789

Affected Software Versions

Android 12.0, 13.0 / OpenWrt 19.07, 21.02 / RDK-B 2022Q3

****Vulnerability Type Definition****

Abbreviation

Definition

RCE

Remote Code Execution

EoP

Elevation of Privilege

ID

Information Disclosure

DoS

Denial of Service

N/A

Classification not available

****Versions****

Version

Date

Description

1.0

June 6, 2023

Bulletin published.

****Notes****

Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.

If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907