Headline
CVE-2023-20818: August 2023
In wlan service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07460540; Issue ID: ALPS07460540.
August 2023 Product Security Bulletin
Published 2023-08-07
The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT, Wi-Fi and TV chipsets chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.
The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).
****Summary****
Severity
CVEs
High
CVE-2023-20780
Medium
CVE-2023-20781, CVE-2023-20782, CVE-2023-20783, CVE-2023-20784, CVE-2023-20785, CVE-2023-20786, CVE-2023-20787, CVE-2023-20788, CVE-2023-20789, CVE-2023-20790, CVE-2023-20793, CVE-2023-20795, CVE-2023-20796, CVE-2023-20797, CVE-2023-20798, CVE-2023-20800, CVE-2023-20801, CVE-2023-20802, CVE-2023-20803, CVE-2023-20804, CVE-2023-20805, CVE-2023-20806, CVE-2023-20807, CVE-2023-20808, CVE-2023-20809, CVE-2023-20810, CVE-2023-20811, CVE-2023-20812, CVE-2023-20813, CVE-2023-20814, CVE-2023-20815, CVE-2023-20816, CVE-2023-20817, CVE-2023-20818
****Details****
CVE
CVE-2023-20780
Title
Improper input validation in keyinstall
Severity
High
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions
Android 11.0, 12.0, 13.0
CVE
CVE-2023-20781
Title
Improper input validation in keyinstall
Severity
Medium
Vulnerability Type
DoS
CWE
CWE-20 Improper Input Validation
Description
In keyinstall, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20782
Title
Improper input validation in keyinstall
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20783
Title
Improper input validation in keyinstall
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions
Android 11.0, 12.0, 13.0
CVE
CVE-2023-20784
Title
Improper input validation in keyinstall
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions
Android 11.0, 12.0, 13.0
CVE
CVE-2023-20785
Title
Time-of-check time-of-use (toctou) race condition in audio
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Description
In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6779, MT6781, MT6785, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT8168, MT8781, MT8791, MT8797
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20786
Title
Improper input validation in gps
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT2713, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8175, MT8188, MT8195, MT8362A, MT8365, MT8673
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20787
Title
Time-of-check time-of-use (toctou) race condition in thermal
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Description
In thermal, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6883, MT8167, MT8167S, MT8168, MT8321, MT8362A, MT8365
Affected Software Versions
Android 12.0
CVE
CVE-2023-20788
Title
Time-of-check time-of-use (toctou) race condition in thermal
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Description
In thermal, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6883, MT8167, MT8167S, MT8168, MT8321, MT8362A, MT8365
Affected Software Versions
Android 12.0
CVE
CVE-2023-20789
Title
Improper input validation in jpeg
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In jpeg, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6789, MT6835, MT6855, MT6879, MT6886, MT6895, MT6983, MT6985, MT8188, MT8195, MT8195Z
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20790
Title
Improper input validation in nvram
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT2713, MT2735, MT2737, MT6739, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions
Android 12.0, 13.0 / OpenWrt 19.07, 21.02 / RDK-B 22Q3 / Yocto 2.6, 3.3
CVE
CVE-2023-20793
Title
Improper input validation in apu
Severity
Medium
Vulnerability Type
DoS
CWE
CWE-20 Improper Input Validation
Description
In apu, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8183, MT8188, MT8195
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20795
Title
Improper input validation in ril
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6739, MT6761, MT6762, MT6768, MT6769, MT6779, MT6781, MT6785, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8791T, MT8797
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20796
Title
Improper input validation in power
Severity
Medium
Vulnerability Type
DoS
CWE
CWE-20 Improper Input Validation
Description
In power, there is a possible memory corruption due to an incorrect bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT2735, MT2737, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6880, MT6886, MT6890, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8168, MT8321, MT8768, MT8781, MT8786
Affected Software Versions
Android 12.0, 13.0 / OpenWrt 19.07, 21.02 / RDK-B 22Q3 / Yocto 2.6, 3.3
CVE
CVE-2023-20797
Title
Out-of-bounds write in camera middleware
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-787 Out-of-bounds Write
Description
In camera middleware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6879, MT6886, MT6895, MT6983, MT6985, MT8188, MT8195, MT8673
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20798
Title
Out-of-bounds read in pda
Severity
Medium
Vulnerability Type
ID
CWE
CWE-125 Out-of-bounds Read
Description
In pda, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT2713, MT6855, MT6879, MT6886, MT6895, MT6983, MT6985, MT8188, MT8195, MT8395, MT8673
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20800
Title
Improper input validation in imgsys
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In imgsys, there is a possible system crash due to a mssing ptr check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.
Affected Chipsets
MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8781
Affected Software Versions
Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0)
CVE
CVE-2023-20801
Title
Improper input validation in imgsys
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In imgsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8781
Affected Software Versions
Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0)
CVE
CVE-2023-20802
Title
Improper input validation in imgsys
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-119 Improper Input Validation
Description
In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.
Affected Chipsets
MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8781
Affected Software Versions
Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0)
CVE
CVE-2023-20803
Title
Improper input validation in imgsys
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-119 Improper Input Validation
Description
In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.
Affected Chipsets
MT2713, MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673
Affected Software Versions
Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0)
CVE
CVE-2023-20804
Title
Out-of-bounds write in imgsys
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-787 Out-of-bounds Write
Description
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT2713, MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673
Affected Software Versions
Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0)
CVE
CVE-2023-20805
Title
Out-of-bounds write in imgsys
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-787 Out-of-bounds Write
Description
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT2713, MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673
Affected Software Versions
Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0)
CVE
CVE-2023-20806
Title
Write-what-where condition in hcp
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-123 Write-what-where Condition
Description
In hcp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT2713, MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20807
Title
Improper input validation in dpe
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In dpe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT2713, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20808
Title
Out-of-bounds write in OPTEE
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-787 Out-of-bounds Write
Description
In OPTEE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT9011, MT9022, MT9618, MT9649, MT9653
Affected Software Versions
Android 11.0
CVE
CVE-2023-20809
Title
Out-of-bounds write in vdec
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-787 Out-of-bounds Write
Description
In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT5583, MT5691, MT5695, MT9010, MT9011, MT9012, MT9016, MT9020, MT9021, MT9022, MT9030, MT9031, MT9032, MT9215, MT9216, MT9218, MT9220, MT9221, MT9222, MT9255, MT9256, MT9266, MT9269, MT9285, MT9286, MT9288, MT9600, MT9602, MT9610, MT9611, MT9612, MT9613, MT9615, MT9617, MT9629, MT9630, MT9631, MT9632, MT9636, MT9638, MT9639, MT9650, MT9652, MT9666, MT9667, MT9669, MT9670, MT9671, MT9675, MT9685, MT9686, MT9688
Affected Software Versions
Android 10.0, 11.0
CVE
CVE-2023-20810
Title
Improper input validation in IOMMU
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In IOMMU, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT5221, MT5583, MT5691, MT5695, MT9010, MT9011, MT9012, MT9016, MT9020, MT9021, MT9022, MT9030, MT9031, MT9032, MT9216, MT9218, MT9220, MT9221, MT9222, MT9255, MT9256, MT9266, MT9269, MT9286, MT9288, MT9602, MT9610, MT9611, MT9612, MT9613, MT9615, MT9617, MT9618, MT9629, MT9630, MT9631, MT9632, MT9636, MT9638, MT9639, MT9649, MT9650, MT9652, MT9653, MT9666, MT9667, MT9669, MT9671, MT9675, MT9685, MT9686, MT9688
Affected Software Versions
Android 10.0, 11.0 / Linux 4.19
CVE
CVE-2023-20811
Title
Out-of-bounds write in IOMMU
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-787 Out-of-bounds Write
Description
In IOMMU, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT5221, MT5583, MT5691, MT5695, MT9010, MT9011, MT9012, MT9016, MT9020, MT9021, MT9022, MT9030, MT9031, MT9032, MT9216, MT9218, MT9220, MT9221, MT9222, MT9255, MT9256, MT9266, MT9269, MT9286, MT9288, MT9602, MT9610, MT9611, MT9612, MT9613, MT9615, MT9617, MT9618, MT9629, MT9630, MT9631, MT9632, MT9636, MT9638, MT9639, MT9649, MT9650, MT9652, MT9653, MT9666, MT9667, MT9669, MT9671, MT9675, MT9685, MT9686, MT9688
Affected Software Versions
Android 10.0, 11.0 / Linux 4.19
CVE
CVE-2023-20812
Title
Improper input validation in wlan driver
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In wlan driver, there is possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6761, MT6762, MT6765, MT6768, MT6769, MT6781, MT6783, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6896, MT6983, MT6985, MT8365
Affected Software Versions
Android 13.0 / IOT-v23.0 (Yocto 4.0)
CVE
CVE-2023-20813
Title
Improper input validation in wlan service
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In wlan service, there is possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20814
Title
Improper input validation in wlan service
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In wlan service, there is possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20815
Title
Improper input validation in wlan service
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In wlan service, there is possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20816
Title
Improper input validation in wlan service
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In wlan service, there is possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20817
Title
Improper input validation in wlan service
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In wlan service, there is possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985
Affected Software Versions
Android 12.0, 13.0
CVE
CVE-2023-20818
Title
Improper input validation in wlan service
Severity
Medium
Vulnerability Type
ID
CWE
CWE-20 Improper Input Validation
Description
In wlan service, there is possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985
Affected Software Versions
Android 12.0, 13.0
****Vulnerability Type Definition****
Abbreviation
Definition
RCE
Remote Code Execution
EoP
Elevation of Privilege
ID
Information Disclosure
DoS
Denial of Service
N/A
Classification not available
****Versions****
Version
Date
Description
1.0
Augest 7, 2023
Bulletin published.
****Notes****
Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.
If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.
Related news
In doKeyguardLocked of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.