Use After Free Vulnerability in Mediatek ImgSys Component
CVE-2023-20801

6.4MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt6879, Mt6895, Mt6983, Mt8188, Mt8195, Mt8395, Mt8781
Vendor: CVE Published:; 7 August 2023

Summary

A vulnerability exists in the ImgSys component of Mediatek's software due to a race condition, leading to a possible use after free situation. Attackers could exploit this flaw to escalate privileges locally, allowing them to execute system-level operations without user interaction. A patch has been released under ID ALPS07420968 to mitigate the risks associated with this vulnerability.

Affected Version(s)

MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8781 Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0)

References

https://corp.mediatek.com/product-security-bulletin/Augus...

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 7, 2023
Vulnerability Reserved
Oct 28, 2022