Out of Bounds Read Vulnerability in Mediatek's imgsys_cmdq Component
CVE-2023-20848

6.5MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt2713, Mt6895, Mt6897, Mt6983, Mt8188, Mt8195, Mt8395, Mt8781
Vendor: CVE Published:; 4 September 2023

Summary

In the imgsys_cmdq component, there exists a vulnerability where a lack of valid range checking could result in an out of bounds read. This flaw may allow an attacker to escalate privileges locally, provided they can interact with the affected system. Mitigation efforts are necessary to address this issue, particularly with the provided patch ID ALPS07340433 to safeguard against potential exploitation.

Affected Version(s)

MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781 Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0

References

https://corp.mediatek.com/product-security-bulletin/Septe...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 4, 2023
Vulnerability Reserved
Oct 28, 2022