Out of Bounds Write Vulnerability in Mediatek's imgsys Software
CVE-2023-20804
6.7MEDIUM
Key Information:
- Vendor
- MediaTek
- Vendor
- CVE Published:
- 7 August 2023
Summary
The imgsys software from Mediatek is susceptible to an out of bounds write vulnerability caused by a lack of proper bounds checking. This flaw allows an attacker to escalate privileges locally, ultimately leading to system execution with elevated rights. Notably, successful exploitation of this vulnerability does not require user interaction, making it a critical concern for affected systems. A patch has been released to address this issue, and it is crucial for users of Mediatek products to apply the updates promptly to mitigate potential risks.
Affected Version(s)
MT2713, MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673 Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0)
References
CVSS V3.1
Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved