Out of Bounds Read Vulnerability in imgsys by MediaTek
CVE-2023-20838

4MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt2713, Mt6895, Mt6897, Mt6983, Mt8188, Mt8195, Mt8395, Mt8673
Vendor: CVE Published:; 4 September 2023

What is CVE-2023-20838?

The imgsys component within MediaTek products is affected by a vulnerability that allows potential out of bounds read due to a race condition. Exploiting this vulnerability may lead to local information disclosure, requiring user interaction and specific system execution privileges. MediaTek has issued a patch identified as ALPS07326455 to address this issue, and users are advised to apply the patch to enhance security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8673 Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0

References

https://corp.mediatek.com/product-security-bulletin/Septe...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 4, 2023
Vulnerability Reserved
Oct 28, 2022

JSON

MediaTek

What is CVE-2023-20838?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.