Use After Free Vulnerability in MediaTek Software
CVE-2023-20849
6.5MEDIUM
Key Information:
- Vendor
MediaTek
- Vendor
- CVE Published:
- 4 September 2023
What is CVE-2023-20849?
A significant vulnerability exists within the MediaTek software due to a missing valid range check in the imgsys_cmdq function. This situation creates a possible use after free scenario, enabling local escalation of privileges for an attacker. The successful exploitation of this vulnerability requires user interaction, emphasizing the need for cautious user behavior. Proper patches have been released to mitigate this issue, and users are encouraged to update their software promptly to safeguard against potential exploits.
Affected Version(s)
MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781 Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0