Out of Bounds Write Vulnerability in Mediatek GPS Software
CVE-2023-20832

6.7MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt2735, Mt6761, Mt6762, Mt6765, Mt6768, Mt6769, Mt6779, Mt6833, Mt6835, Mt6853, Mt6853t, Mt6855, Mt6873, Mt6875, Mt6877, Mt6879, Mt6880, Mt6883, Mt6885, Mt6886, Mt6889, Mt6890, Mt6891, Mt6893, Mt6895, Mt6980, Mt6983, Mt6985, Mt6990, Mt8167, Mt8167s, Mt8168, Mt8175, Mt8195, Mt8362a, Mt8365
Vendor: CVE Published:; 4 September 2023

Summary

A vulnerability exists in Mediatek's GPS software, characterized by an out of bounds write due to a missing bounds check. This flaw could allow local escalation of privilege, requiring system execution permissions for exploitation. Notably, user interaction is not necessary for an attacker to leverage this vulnerability. Affected users should apply patches promptly to mitigate any potential risks.

Affected Version(s)

MT2735, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8167, MT8167S, MT8168, MT8175, MT8195, MT8362A, MT8365 Android 12.0, 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3

References

https://corp.mediatek.com/product-security-bulletin/Septe...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 4, 2023
Vulnerability Reserved
Oct 28, 2022