Out of Bounds Read Vulnerability in MediaTek Products
CVE-2023-20847

4.2MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt6895, Mt6897, Mt6983, Mt8188, Mt8195, Mt8395, Mt8781
Vendor: CVE Published:; 4 September 2023

Summary

A vulnerability in imgsys_cmdq has been identified which allows for a potential out of bounds read. This flaw arises from the absence of proper range checking, potentially leading to a local denial of service scenario. Successful exploitation of this vulnerability necessitates user interaction and requires system execution privileges. MediaTek has issued a patch identified as ALPS07354025 to mitigate this issue.

Affected Version(s)

MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781 Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0

References

https://corp.mediatek.com/product-security-bulletin/Septe...

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 4, 2023
Vulnerability Reserved
Oct 28, 2022