Use After Free Vulnerability in vdec by MediaTek
CVE-2023-20684
6.4 MEDIUM
Key Information:
- Vendor: MediaTek
- CVE Published: 6 April 2023
Summary
A use after free vulnerability in vdec from MediaTek is caused by a race condition. This issue could allow local privilege escalation, granting unauthorized system execution privileges. Exploitation does not require any user interaction, which makes it particularly concerning for users of affected versions. A patch has been released under the ID ALPS07671069 to address this issue.
Affected Version(s)
- MT6789, MT6855, MT6879, MT6895, MT6983, MT8673, MT8781, MT8795T, MT8798, MT8891
- Android 12.0, 13.0
CVSS V3.1
- Score: 6.4
- Severity: MEDIUM
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved