Out of Bounds Write Vulnerability in MediaTek Audio Products
CVE-2023-20670

6.7MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt2715, Mt6580, Mt6739, Mt6761, Mt6765, Mt6768, Mt6779, Mt6781, Mt6785, Mt6789, Mt6833, Mt6853, Mt6853t, Mt6855, Mt6873, Mt6877, Mt6879, Mt6883, Mt6885, Mt6889, Mt6893, Mt6895, Mt6983, Mt8167, Mt8188, Mt8195, Mt8321, Mt8365, Mt8385, Mt8675, Mt8696, Mt8765, Mt8766, Mt8768, Mt8771, Mt8781, Mt8786, Mt8788, Mt8789, Mt8791, Mt8795t, Mt8797, Mt8798, Mt8871, Mt8891
Vendor: CVE Published:; 6 April 2023

Summary

A vulnerability has been identified in MediaTek audio products that allows for an out of bounds write due to a missing bounds check. This flaw can enable a local attacker to escalate privileges, executing code with system privileges. Exploitation does not require user interaction, which increases the risk of this vulnerability. Affected users and enterprises should ensure they apply available patches to safeguard their systems. For more information, refer to MediaTek's product security bulletin.

Affected Version(s)

MT2715, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8167, MT8188, MT8195, MT8321, MT8365, MT8385, MT8675, MT8696, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791, MT8795T, MT8797, MT8798, MT8871, MT8891 Android 12.0, 13.0

References

https://corp.mediatek.com/product-security-bulletin/April...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 6, 2023
Vulnerability Reserved
Oct 28, 2022