Out of Bounds Read Vulnerability in MediaTek Products
CVE-2023-20844
4.2 MEDIUM
Key Information:
- Vendor: MediaTek
- CVE Published: 4 September 2023
What is CVE-2023-20844?
A vulnerability exists in the imgsys_cmdq component of certain MediaTek products that may allow an attacker to read data outside the designated memory bounds. The issue arises from a missing range check and could lead to local information disclosure. Successful exploitation requires user interaction and System execution privileges. MediaTek has provided a patch to mitigate this vulnerability, and users are encouraged to update their products promptly.
Affected Version(s)
- Chipsets: MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781
- Software versions: Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0