CVE-2023-20838

4MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt2713, Mt6895, Mt6897, Mt6983, Mt8188, Mt8195, Mt8395, Mt8673
Vendor: CVE Published:; 4 September 2023

Summary

In imgsys, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326418.

Affected Version(s)

MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8673 Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0

References

https://corp.mediatek.com/product-security-bulletin/Septe...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 4, 2023
Vulnerability Reserved
Oct 28, 2022