Memory Corruption Vulnerability in MediaTek’s VCU Product
CVE-2023-20747

4.4MEDIUM

Key Information:

Vendor
MediaTek
Status
MT5696, MT5836, MT5838, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8185, MT8195, MT8365, MT8781, MT8786, MT8789, MT8791, MT8797, MT9000, MT9015, MT9023, MT9025, MT9618, MT9649, MT9653, MT9679, MT9687, MT9689, MT9902, MT9932, MT9952, MT9972, MT9982
Vendor
CVE Published:
6 June 2023

Summary

A vulnerability has been identified in MediaTek's VCU product, whereby memory corruption can occur due to type confusion. This flaw has the potential to lead to a local denial of service condition. Notably, the exploitation of this vulnerability does not require user interaction, making it particularly concerning for system administrators. It is strongly recommended that users apply the security patch identified as ALPS07519103 to mitigate the risks associated with this vulnerability.

Affected Version(s)

MT5696, MT5836, MT5838, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8185, MT8195, MT8365, MT8781, MT8786, MT8789, MT8791, MT8797, MT9000, MT9015, MT9023, MT9025, MT9618, MT9649, MT9653, MT9679, MT9687, MT9689, MT9902, MT9932, MT9952, MT9972, MT9982 Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2

References

https://corp.mediatek.com/product-security-bulletin/June-...

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.