Local Privilege Escalation Vulnerability in MediaTek vcu Component
CVE-2023-20738
Key Information:
- Vendor
MediaTek
- Vendor
- CVE Published:
- 6 June 2023
What is CVE-2023-20738?
A vulnerability has been identified in the vcu component of MediaTek products that allows for an out of bounds write due to a missing bounds check. This issue can be exploited to achieve local privilege escalation, requiring system execution privileges. Notably, the attack does not necessitate user interaction, which raises concerns regarding the security of affected systems. MediaTek has released patches to address this vulnerability, urging users to update to the latest versions to mitigate potential risks.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
MT5696, MT5836, MT5838, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8175, MT8195, MT8365, MT8395, MT8673, MT8781, MT8786, MT8789, MT8791T, MT8797, MT9000, MT9015, MT9023, MT9025, MT9618, MT9649, MT9653, MT9679, MT9687, MT9689, MT9902, MT9932, MT9952, MT9972, MT9982 Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved