Out of Bounds Write Vulnerability in MediaTek VCU Products
CVE-2023-20734

6.7 MEDIUM

Summary

A vulnerability exists in MediaTek's VCU that allows for an out-of-bounds write due to an insufficient bounds check. This flaw could potentially enable local escalation of privileges, granting attackers system execution rights without requiring user interaction. Users of affected versions should apply the recommended patches (ALPS07645149 and ALPS07645184) to mitigate the risks associated with this vulnerability.

Affected Version(s)

Chipsets: MT5696, MT5836, MT5838, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8365, MT8395, MT9000, MT9015, MT9023, MT9025, MT9618, MT9649, MT9653, MT9679, MT9687, MT9689, MT9902, MT9932, MT9952, MT9972, MT9982

Software versions: Android 12.0, 13.0 / Yocto 4.0 / IoT-Yocto 22.2

CVSS V3.1

Score: 6.7
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
