Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-20818: August 2023

In wlan service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07460540; Issue ID: ALPS07460540.

CVE
#vulnerability#web#android#linux#dos#rce#wifi

August 2023 Product Security Bulletin

Published 2023-08-07

The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT, Wi-Fi and TV chipsets chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.

The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).

****Summary****

Severity

CVEs

High

CVE-2023-20780

Medium

CVE-2023-20781, CVE-2023-20782, CVE-2023-20783, CVE-2023-20784, CVE-2023-20785, CVE-2023-20786, CVE-2023-20787, CVE-2023-20788, CVE-2023-20789, CVE-2023-20790, CVE-2023-20793, CVE-2023-20795, CVE-2023-20796, CVE-2023-20797, CVE-2023-20798, CVE-2023-20800, CVE-2023-20801, CVE-2023-20802, CVE-2023-20803, CVE-2023-20804, CVE-2023-20805, CVE-2023-20806, CVE-2023-20807, CVE-2023-20808, CVE-2023-20809, CVE-2023-20810, CVE-2023-20811, CVE-2023-20812, CVE-2023-20813, CVE-2023-20814, CVE-2023-20815, CVE-2023-20816, CVE-2023-20817, CVE-2023-20818

****Details****

CVE

CVE-2023-20780

Title

Improper input validation in keyinstall

Severity

High

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797

Affected Software Versions

Android 11.0, 12.0, 13.0

CVE

CVE-2023-20781

Title

Improper input validation in keyinstall

Severity

Medium

Vulnerability Type

DoS

CWE

CWE-20 Improper Input Validation

Description

In keyinstall, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797

Affected Software Versions

Android 12.0, 13.0

CVE

CVE-2023-20782

Title

Improper input validation in keyinstall

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797

Affected Software Versions

Android 12.0, 13.0

CVE

CVE-2023-20783

Title

Improper input validation in keyinstall

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797

Affected Software Versions

Android 11.0, 12.0, 13.0

CVE

CVE-2023-20784

Title

Improper input validation in keyinstall

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797

Affected Software Versions

Android 11.0, 12.0, 13.0

CVE

CVE-2023-20785

Title

Time-of-check time-of-use (toctou) race condition in audio

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

Description

In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6779, MT6781, MT6785, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT8168, MT8781, MT8791, MT8797

Affected Software Versions

Android 12.0, 13.0

CVE

CVE-2023-20786

Title

Improper input validation in gps

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT2713, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8175, MT8188, MT8195, MT8362A, MT8365, MT8673

Affected Software Versions

Android 12.0, 13.0

CVE

CVE-2023-20787

Title

Time-of-check time-of-use (toctou) race condition in thermal

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

Description

In thermal, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6883, MT8167, MT8167S, MT8168, MT8321, MT8362A, MT8365

Affected Software Versions

Android 12.0

CVE

CVE-2023-20788

Title

Time-of-check time-of-use (toctou) race condition in thermal

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

Description

In thermal, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6883, MT8167, MT8167S, MT8168, MT8321, MT8362A, MT8365

Affected Software Versions

Android 12.0

CVE

CVE-2023-20789

Title

Improper input validation in jpeg

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In jpeg, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6789, MT6835, MT6855, MT6879, MT6886, MT6895, MT6983, MT6985, MT8188, MT8195, MT8195Z

Affected Software Versions

Android 12.0, 13.0

CVE

CVE-2023-20790

Title

Improper input validation in nvram

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT2713, MT2735, MT2737, MT6739, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797

Affected Software Versions

Android 12.0, 13.0 / OpenWrt 19.07, 21.02 / RDK-B 22Q3 / Yocto 2.6, 3.3

CVE

CVE-2023-20793

Title

Improper input validation in apu

Severity

Medium

Vulnerability Type

DoS

CWE

CWE-20 Improper Input Validation

Description

In apu, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8183, MT8188, MT8195

Affected Software Versions

Android 12.0, 13.0

CVE

CVE-2023-20795

Title

Improper input validation in ril

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6739, MT6761, MT6762, MT6768, MT6769, MT6779, MT6781, MT6785, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8791T, MT8797

Affected Software Versions

Android 12.0, 13.0

CVE

CVE-2023-20796

Title

Improper input validation in power

Severity

Medium

Vulnerability Type

DoS

CWE

CWE-20 Improper Input Validation

Description

In power, there is a possible memory corruption due to an incorrect bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT2735, MT2737, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6880, MT6886, MT6890, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8168, MT8321, MT8768, MT8781, MT8786

Affected Software Versions

Android 12.0, 13.0 / OpenWrt 19.07, 21.02 / RDK-B 22Q3 / Yocto 2.6, 3.3

CVE

CVE-2023-20797

Title

Out-of-bounds write in camera middleware

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

In camera middleware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6879, MT6886, MT6895, MT6983, MT6985, MT8188, MT8195, MT8673

Affected Software Versions

Android 12.0, 13.0

CVE

CVE-2023-20798

Title

Out-of-bounds read in pda

Severity

Medium

Vulnerability Type

ID

CWE

CWE-125 Out-of-bounds Read

Description

In pda, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT2713, MT6855, MT6879, MT6886, MT6895, MT6983, MT6985, MT8188, MT8195, MT8395, MT8673

Affected Software Versions

Android 12.0, 13.0

CVE

CVE-2023-20800

Title

Improper input validation in imgsys

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In imgsys, there is a possible system crash due to a mssing ptr check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.

Affected Chipsets

MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8781

Affected Software Versions

Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0)

CVE

CVE-2023-20801

Title

Improper input validation in imgsys

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In imgsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8781

Affected Software Versions

Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0)

CVE

CVE-2023-20802

Title

Improper input validation in imgsys

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-119 Improper Input Validation

Description

In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.

Affected Chipsets

MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8781

Affected Software Versions

Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0)

CVE

CVE-2023-20803

Title

Improper input validation in imgsys

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-119 Improper Input Validation

Description

In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.

Affected Chipsets

MT2713, MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673

Affected Software Versions

Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0)

CVE

CVE-2023-20804

Title

Out-of-bounds write in imgsys

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT2713, MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673

Affected Software Versions

Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0)

CVE

CVE-2023-20805

Title

Out-of-bounds write in imgsys

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT2713, MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673

Affected Software Versions

Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0)

CVE

CVE-2023-20806

Title

Write-what-where condition in hcp

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-123 Write-what-where Condition

Description

In hcp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT2713, MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673

Affected Software Versions

Android 12.0, 13.0

CVE

CVE-2023-20807

Title

Improper input validation in dpe

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In dpe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT2713, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673

Affected Software Versions

Android 12.0, 13.0

CVE

CVE-2023-20808

Title

Out-of-bounds write in OPTEE

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

In OPTEE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT9011, MT9022, MT9618, MT9649, MT9653

Affected Software Versions

Android 11.0

CVE

CVE-2023-20809

Title

Out-of-bounds write in vdec

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT5583, MT5691, MT5695, MT9010, MT9011, MT9012, MT9016, MT9020, MT9021, MT9022, MT9030, MT9031, MT9032, MT9215, MT9216, MT9218, MT9220, MT9221, MT9222, MT9255, MT9256, MT9266, MT9269, MT9285, MT9286, MT9288, MT9600, MT9602, MT9610, MT9611, MT9612, MT9613, MT9615, MT9617, MT9629, MT9630, MT9631, MT9632, MT9636, MT9638, MT9639, MT9650, MT9652, MT9666, MT9667, MT9669, MT9670, MT9671, MT9675, MT9685, MT9686, MT9688

Affected Software Versions

Android 10.0, 11.0

CVE

CVE-2023-20810

Title

Improper input validation in IOMMU

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In IOMMU, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT5221, MT5583, MT5691, MT5695, MT9010, MT9011, MT9012, MT9016, MT9020, MT9021, MT9022, MT9030, MT9031, MT9032, MT9216, MT9218, MT9220, MT9221, MT9222, MT9255, MT9256, MT9266, MT9269, MT9286, MT9288, MT9602, MT9610, MT9611, MT9612, MT9613, MT9615, MT9617, MT9618, MT9629, MT9630, MT9631, MT9632, MT9636, MT9638, MT9639, MT9649, MT9650, MT9652, MT9653, MT9666, MT9667, MT9669, MT9671, MT9675, MT9685, MT9686, MT9688

Affected Software Versions

Android 10.0, 11.0 / Linux 4.19

CVE

CVE-2023-20811

Title

Out-of-bounds write in IOMMU

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

In IOMMU, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT5221, MT5583, MT5691, MT5695, MT9010, MT9011, MT9012, MT9016, MT9020, MT9021, MT9022, MT9030, MT9031, MT9032, MT9216, MT9218, MT9220, MT9221, MT9222, MT9255, MT9256, MT9266, MT9269, MT9286, MT9288, MT9602, MT9610, MT9611, MT9612, MT9613, MT9615, MT9617, MT9618, MT9629, MT9630, MT9631, MT9632, MT9636, MT9638, MT9639, MT9649, MT9650, MT9652, MT9653, MT9666, MT9667, MT9669, MT9671, MT9675, MT9685, MT9686, MT9688

Affected Software Versions

Android 10.0, 11.0 / Linux 4.19

CVE

CVE-2023-20812

Title

Improper input validation in wlan driver

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In wlan driver, there is possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6761, MT6762, MT6765, MT6768, MT6769, MT6781, MT6783, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6896, MT6983, MT6985, MT8365

Affected Software Versions

Android 13.0 / IOT-v23.0 (Yocto 4.0)

CVE

CVE-2023-20813

Title

Improper input validation in wlan service

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In wlan service, there is possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985

Affected Software Versions

Android 12.0, 13.0

CVE

CVE-2023-20814

Title

Improper input validation in wlan service

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In wlan service, there is possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985

Affected Software Versions

Android 12.0, 13.0

CVE

CVE-2023-20815

Title

Improper input validation in wlan service

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In wlan service, there is possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985

Affected Software Versions

Android 12.0, 13.0

CVE

CVE-2023-20816

Title

Improper input validation in wlan service

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In wlan service, there is possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985

Affected Software Versions

Android 12.0, 13.0

CVE

CVE-2023-20817

Title

Improper input validation in wlan service

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In wlan service, there is possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985

Affected Software Versions

Android 12.0, 13.0

CVE

CVE-2023-20818

Title

Improper input validation in wlan service

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In wlan service, there is possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985

Affected Software Versions

Android 12.0, 13.0

****Vulnerability Type Definition****

Abbreviation

Definition

RCE

Remote Code Execution

EoP

Elevation of Privilege

ID

Information Disclosure

DoS

Denial of Service

N/A

Classification not available

****Versions****

Version

Date

Description

1.0

Augest 7, 2023

Bulletin published.

****Notes****

Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.

If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.

Related news

CVE-2023-21267: Android Security Bulletin—August 2023

In doKeyguardLocked of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907