
CVE-2023-20688: April 2023

In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441821; Issue ID: ALPS07441821.


April 2023 Product Security Bulletin

Published 2023-04-06

The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform and OTT chipsets. Device OEMs were notified of all the issues and the corresponding security patches at least two months before publication.

The severity of the identified vulnerabilities was assessed using the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).

**Summary**

| Severity | CVEs |
| --- | --- |
| High | CVE-2022-32599, CVE-2023-20652, CVE-2023-20653, CVE-2023-20654, CVE-2023-20655, CVE-2023-20656, CVE-2023-20657 |
| Medium | CVE-2023-20658, CVE-2023-20659, CVE-2023-20660, CVE-2023-20661, CVE-2023-20662, CVE-2023-20663, CVE-2023-20664, CVE-2023-20665, CVE-2023-20666, CVE-2023-20670, CVE-2023-20674, CVE-2023-20675, CVE-2023-20676, CVE-2023-20677, CVE-2023-20679, CVE-2023-20680, CVE-2023-20681, CVE-2023-20682, CVE-2023-20684, CVE-2023-20685, CVE-2023-20686, CVE-2023-20687, CVE-2023-20688 |

**Details**

| CVE | CVE-2022-32599 |
| --- | --- |
| Title | Out-of-bounds write in rpmb |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-787 Out-of-bounds Write |
| Description | In rpmb, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789 |
| Affected Software Versions | Android 10.0, 11.0, 12.0, 13.0 |

| CVE | CVE-2023-20652 |
| --- | --- |
| Title | Improper input validation in keyinstall |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8192, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8871, MT8891 |
| Affected Software Versions | Android 10.0, 11.0, 12.0, 13.0 |

| CVE | CVE-2023-20653 |
| --- | --- |
| Title | Improper input validation in keyinstall |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8192, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8871, MT8891 |
| Affected Software Versions | Android 10.0, 11.0, 12.0, 13.0 |

| CVE | CVE-2023-20654 |
| --- | --- |
| Title | Improper input validation in keyinstall |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8192, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8871, MT8891 |
| Affected Software Versions | Android 10.0, 11.0, 12.0, 13.0 |

| CVE | CVE-2023-20655 |
| --- | --- |
| Title | Improper input validation in mmsdk |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In mmsdk, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2715, MT6580, MT6735, MT6737, MT6739, MT6753, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8192, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8871, MT8891 |
| Affected Software Versions | Android 10.0, 11.0, 12.0, 13.0 |

| CVE | CVE-2023-20656 |
| --- | --- |
| Title | Write-what-where condition in geniezone |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-123 Write-what-where Condition |
| Description | In geniezone, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8321, MT8385, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798 |
| Affected Software Versions | Android 10.0, 11.0, 12.0, 13.0 |

| CVE | CVE-2023-20657 |
| --- | --- |
| Title | Out-of-bounds write in mtee |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-787 Out-of-bounds Write |
| Description | In mtee, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6735, MT6737, MT6739, MT6753, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6983, MT8321, MT8385, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798 |
| Affected Software Versions | Android 10.0, 11.0, 12.0, 13.0 |

| CVE | CVE-2023-20658 |
| --- | --- |
| Title | Improper input validation in isp |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6895, MT6983, MT8188, MT8195, MT8673, MT8795T, MT8798 |
| Affected Software Versions | Android 12.0, 13.0 |

| CVE | CVE-2023-20659 |
| --- | --- |
| Title | Improper input validation in wlan |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT5221, MT6781, MT6789, MT6833, MT6855, MT6877, MT6879, MT6895, MT6983, MT7663, MT7668, MT7902, MT7921, MT8167S, MT8168, MT8169, MT8175, MT8185, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8675, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798 |
| Affected Software Versions | Android 11.0, 12.0, 13.0 / Yocto 3.1, 3.3, 4.0 / Linux-4.19 (for MT5221, MT7663, MT7668, MT7902 and MT7921 chipsets only) |

| CVE | CVE-2023-20660 |
| --- | --- |
| Title | Improper input validation in wlan |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-20 Improper Input Validation |
| Description | In wlan, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT5221, MT6879, MT6895, MT6983, MT7902, MT7921, MT8167S, MT8168, MT8175, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8696, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798 |
| Affected Software Versions | Android 12.0, 13.0 / Yocto 3.1, 3.3, 4.0 / Linux-4.19 (for MT5221, MT7921 and MT7902 chipsets only) |

| CVE | CVE-2023-20661 |
| --- | --- |
| Title | Improper input validation in wlan |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT5221, MT6879, MT6895, MT6983, MT7902, MT7921, MT8167S, MT8168, MT8175, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8696, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798 |
| Affected Software Versions | Android 12.0, 13.0 / Yocto 3.1, 3.3, 4.0 / Linux-4.19 (for MT5221, MT7921 and MT7902 chipsets only) |

| CVE | CVE-2023-20662 |
| --- | --- |
| Title | Improper input validation in wlan |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT5221, MT6879, MT6895, MT6983, MT7902, MT7921, MT8167S, MT8168, MT8175, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8696, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798 |
| Affected Software Versions | Android 12.0, 13.0 / Yocto 3.1, 3.3, 4.0 / Linux-4.19 (for MT5221, MT7921 and MT7902 chipsets only) |

| CVE | CVE-2023-20663 |
| --- | --- |
| Title | Improper input validation in wlan |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT5221, MT6879, MT6895, MT6983, MT7902, MT7921, MT8167S, MT8168, MT8175, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8696, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798 |
| Affected Software Versions | Android 12.0, 13.0 / Yocto 3.1, 3.3, 4.0 / Linux-4.19 (for MT5221, MT7921 and MT7902 chipsets only) |

| CVE | CVE-2023-20664 |
| --- | --- |
| Title | Double free in gz |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-415 Double Free |
| Description | In gz, there is a possible double free due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6735, MT6737, MT6739, MT6753, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8168, MT8185, MT8188, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8673, MT8675, MT8696, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8871, MT8891 |
| Affected Software Versions | Android 10.0, 11.0, 12.0, 13.0 |

| CVE | CVE-2023-20665 |
| --- | --- |
| Title | Improper input validation in ril |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-20 Improper Input Validation |
| Description | In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6739, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8321, MT8365, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798 |
| Affected Software Versions | Android 12.0, 13.0 |

| CVE | CVE-2023-20666 |
| --- | --- |
| Title | Improper input validation in display drm |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6789, MT6855, MT6895, MT6983, MT8188, MT8195, MT8365, MT8781, MT8795T, MT8798 |
| Affected Software Versions | Android 12.0, 13.0 |

| CVE | CVE-2023-20670 |
| --- | --- |
| Title | Improper input validation in audio |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2715, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8167, MT8188, MT8195, MT8321, MT8365, MT8385, MT8675, MT8696, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791, MT8795T, MT8797, MT8798, MT8871, MT8891 |
| Affected Software Versions | Android 12.0, 13.0 |

| CVE | CVE-2023-20674 |
| --- | --- |
| Title | Improper input validation in wlan |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-20 Improper Input Validation |
| Description | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT5221, MT6781, MT6789, MT6833, MT6855, MT6877, MT6879, MT6895, MT6983, MT7663, MT7668, MT7902, MT7921, MT8167S, MT8168, MT8169, MT8175, MT8185, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8675, MT8695, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798 |
| Affected Software Versions | Android 11.0, 12.0, 13.0 / Yocto 3.1, 3.3, 4.0 / Linux-4.19 (for MT5221, MT7663, MT7668, MT7902 and MT7921 chipsets only) |

| CVE | CVE-2023-20675 |
| --- | --- |
| Title | Improper input validation in wlan |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-20 Improper Input Validation |
| Description | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT5221, MT6781, MT6789, MT6833, MT6855, MT6877, MT6879, MT6895, MT6983, MT7663, MT7668, MT7902, MT7921, MT8167S, MT8168, MT8169, MT8175, MT8185, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8675, MT8695, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798 |
| Affected Software Versions | Android 11.0, 12.0, 13.0 / Yocto 3.1, 3.3, 4.0 / Linux-4.19 (for MT5221, MT7663, MT7668, MT7902 and MT7921 chipsets only) |

| CVE | CVE-2023-20676 |
| --- | --- |
| Title | Improper input validation in wlan |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-20 Improper Input Validation |
| Description | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT5221, MT6781, MT6789, MT6833, MT6855, MT6877, MT6879, MT6895, MT6983, MT7663, MT7668, MT7902, MT7921, MT8167S, MT8168, MT8169, MT8175, MT8185, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8675, MT8695, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798 |
| Affected Software Versions | Android 11.0, 12.0, 13.0 / Yocto 3.1, 3.3, 4.0 / Linux-4.19 (for MT5221, MT7663, MT7668, MT7902 and MT7921 chipsets only) |

| CVE | CVE-2023-20677 |
| --- | --- |
| Title | Improper input validation in wlan |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-20 Improper Input Validation |
| Description | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT5221, MT6781, MT6789, MT6833, MT6855, MT6877, MT6879, MT6895, MT6983, MT7663, MT7668, MT7902, MT7921, MT8167S, MT8168, MT8169, MT8175, MT8185, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8675, MT8695, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798 |
| Affected Software Versions | Android 11.0, 12.0, 13.0 / Yocto 3.1, 3.3, 4.0 / Linux-4.19 (for MT5221, MT7663, MT7668, MT7902 and MT7921 chipsets only) |

| CVE | CVE-2023-20679 |
| --- | --- |
| Title | Improper input validation in wlan |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-20 Improper Input Validation |
| Description | In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT5221, MT6781, MT6789, MT6833, MT6855, MT6877, MT6879, MT6895, MT6983, MT7663, MT7668, MT7902, MT7921, MT8167S, MT8168, MT8169, MT8175, MT8185, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8675, MT8695, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798 |
| Affected Software Versions | Android 11.0, 12.0, 13.0 / Yocto 3.1, 3.3, 4.0 / Linux-4.19 (for MT5221, MT7663, MT7668, MT7902 and MT7921 chipsets only) |

| CVE | CVE-2023-20680 |
| --- | --- |
| Title | Improper input validation in adsp |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In adsp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983, MT8365, MT8695, MT8771, MT8781, MT8791, MT8791T, MT8795T, MT8797, MT8798 |
| Affected Software Versions | Android 11.0, 12.0, 13.0 |

| CVE | CVE-2023-20681 |
| --- | --- |
| Title | Improper input validation in adsp |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In adsp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6886, MT6895, MT6983, MT6985, MT8365, MT8771, MT8781, MT8781WIFI, MT8791, MT8791T, MT8791WIFI, MT8795T, MT8797, MT8797WIFI, MT8798 |
| Affected Software Versions | Android 12.0, 13.0 |

| CVE | CVE-2023-20682 |
| --- | --- |
| Title | Improper input validation in wlan |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT5221, MT6580, MT6735, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6983, MT7663, MT7668, MT7902, MT7921, MT7933, MT8167S, MT8168, MT8169, MT8175, MT8185, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8675, MT8695, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798 |
| Affected Software Versions | Android 11.0, 12.0, 13.0 / Yocto 3.1, 3.3, 4.0 / Linux-4.19 (for MT5221, MT7663, MT7668, MT7902 and MT7921 chipsets only) |

| CVE | CVE-2023-20684 |
| --- | --- |
| Title | Concurrent execution using shared resource with improper synchronization (‘race condition’) in vdec |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-662 Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’) |
| Description | In vdec, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6789, MT6855, MT6879, MT6895, MT6983, MT8673, MT8781, MT8795T, MT8798, MT8891 |
| Affected Software Versions | Android 12.0, 13.0 |

| CVE | CVE-2023-20685 |
| --- | --- |
| Title | Concurrent execution using shared resource with improper synchronization (‘race condition’) in vdec |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-662 Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’) |
| Description | In vdec, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6789, MT6855, MT6879, MT6895, MT6983, MT8673, MT8781, MT8795T, MT8798, MT8891 |
| Affected Software Versions | Android 12.0, 13.0 |

| CVE | CVE-2023-20686 |
| --- | --- |
| Title | Improper synchronization in display drm |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-662 Improper Synchronization |
| Description | In display drm, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6879, MT6895, MT6983, MT8781 |
| Affected Software Versions | Android 12.0, 13.0 |

| CVE | CVE-2023-20687 |
| --- | --- |
| Title | Improper synchronization in display drm |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-662 Improper Synchronization |
| Description | In display drm, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6879, MT6895, MT6983, MT8781 |
| Affected Software Versions | Android 12.0, 13.0 |

| CVE | CVE-2023-20688 |
| --- | --- |
| Title | Active debug code in power |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-489 Active Debug Code |
| Description | In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2715, MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8167, MT8168, MT8169, MT8173, MT8175, MT8183, MT8185, MT8188, MT8192, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8673, MT8675, MT8696, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8891 |
| Affected Software Versions | Android 11.0, 12.0, 13.0 |

**Vulnerability Type Definition**

| Abbreviation | Definition |
| --- | --- |
| RCE | Remote Code Execution |
| EoP | Elevation of Privilege |
| ID | Information Disclosure |
| DoS | Denial of Service |
| N/A | Classification not available |

**Versions**

| Version | Date | Description |
| --- | --- | --- |
| 1.0 | April 6, 2023 | Bulletin published. |

**Notes**

The information above reflects only what was known when this Security Bulletin was created. The list of affected chipsets may not be complete. For any further information, device OEMs can reach their MediaTek contact person if needed.

If you want to report a security vulnerability in MediaTek chipsets or products, please go to the Report Security Vulnerability page on the MediaTek website.
