Out of Bounds Read Vulnerability in imgsys by MediaTek
CVE-2023-20838

4MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt2713, Mt6895, Mt6897, Mt6983, Mt8188, Mt8195, Mt8395, Mt8673
Vendor: CVE Published:; 4 September 2023

What is CVE-2023-20838?

The imgsys component within MediaTek products is affected by a vulnerability that allows potential out of bounds read due to a race condition. Exploiting this vulnerability may lead to local information disclosure, requiring user interaction and specific system execution privileges. MediaTek has issued a patch identified as ALPS07326455 to address this issue, and users are advised to apply the patch to enhance security.

Affected Version(s)

MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8673 Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0

References

https://corp.mediatek.com/product-security-bulletin/Septe...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2023
Vulnerability Reserved
Oct 28, 2022