CVE-2023-20802

6.5MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt6879, Mt6895, Mt6983, Mt8188, Mt8195, Mt8395, Mt8781
Vendor: CVE Published:; 7 August 2023

Summary

In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420976.

Affected Version(s)

MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8781 Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0)

References

https://corp.mediatek.com/product-security-bulletin/Augus...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 7, 2023
Vulnerability Reserved
Oct 28, 2022