CVE-2023-20846

4.2MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt6895, Mt6897, Mt6983, Mt8188, Mt8195, Mt8395, Mt8781
Vendor: CVE Published:; 4 September 2023

Summary

In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354023; Issue ID: ALPS07340098.

Affected Version(s)

MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781 Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0

References

https://corp.mediatek.com/product-security-bulletin/Septe...

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 4, 2023
Vulnerability Reserved
Oct 28, 2022