Lucene search

[email protected]CVE-2023-20811

HistoryAug 07, 2023 - 4:15 a.m.

CVE-2023-20811

2023-08-0704:15:14

CWE-787

[email protected]

web.nvd.nist.gov

cve-2023-20811

iommu

bounds check

escalation of privilege

nvd

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

In IOMMU, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03692061; Issue ID: DTV03692061.

Affected configurations

Vulners

NVD

Node

googleandroidRange<10.0

googleandroidRange<11.0

mediatekmt5221

mediatekmt5583

mediatekmt5691

mediatekmt5695

mediatekmt9010

mediatekmt9011

mediatekmt9012

mediatekmt9016

mediatekmt9020

mediatekmt9021

mediatekmt9022

mediatekmt9030

mediatekmt9031

mediatekmt9032

mediatekmt9216

mediatekmt9218

mediatekmt9220

mediatekmt9221

mediatekmt9222

mediatekmt9255

mediatekmt9256

mediatekmt9266

mediatekmt9269

mediatekmt9286

mediatekmt9288

mediatekmt9602

mediatekmt9610

mediatekmt9611

mediatekmt9612

mediatekmt9613

mediatekmt9615

mediatekmt9617

mediatekmt9618

mediatekmt9629

mediatekmt9630

mediatekmt9631

mediatekmt9632

mediatekmt9636

mediatekmt9638

mediatekmt9639

mediatekmt9649

mediatekmt9650

mediatekmt9652

mediatekmt9653

mediatekmt9666

mediatekmt9667

mediatekmt9669

mediatekmt9671

mediatekmt9675

mediatekmt9685

mediatekmt9686

mediatekmt9688

VendorProductVersionCPE
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
mediatekmt5221*cpe:2.3:h:mediatek:mt5221:*:*:*:*:*:*:*:*
mediatekmt5583*cpe:2.3:h:mediatek:mt5583:*:*:*:*:*:*:*:*
mediatekmt5691*cpe:2.3:h:mediatek:mt5691:*:*:*:*:*:*:*:*
mediatekmt5695*cpe:2.3:h:mediatek:mt5695:*:*:*:*:*:*:*:*
mediatekmt9010*cpe:2.3:h:mediatek:mt9010:*:*:*:*:*:*:*:*
mediatekmt9011*cpe:2.3:h:mediatek:mt9011:*:*:*:*:*:*:*:*
mediatekmt9012*cpe:2.3:h:mediatek:mt9012:*:*:*:*:*:*:*:*
mediatekmt9016*cpe:2.3:h:mediatek:mt9016:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	*	cpe:2.3:o:google:android::::::::
google	android	*	cpe:2.3:o:google:android::::::::
mediatek	mt5221	*	cpe:2.3:h:mediatek:mt5221::::::::
mediatek	mt5583	*	cpe:2.3:h:mediatek:mt5583::::::::
mediatek	mt5691	*	cpe:2.3:h:mediatek:mt5691::::::::
mediatek	mt5695	*	cpe:2.3:h:mediatek:mt5695::::::::
mediatek	mt9010	*	cpe:2.3:h:mediatek:mt9010::::::::
mediatek	mt9011	*	cpe:2.3:h:mediatek:mt9011::::::::
mediatek	mt9012	*	cpe:2.3:h:mediatek:mt9012::::::::
mediatek	mt9016	*	cpe:2.3:h:mediatek:mt9016::::::::

Rows per page:

1-10 of 541

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT5221, MT5583, MT5691, MT5695, MT9010, MT9011, MT9012, MT9016, MT9020, MT9021, MT9022, MT9030, MT9031, MT9032, MT9216, MT9218, MT9220, MT9221, MT9222, MT9255, MT9256, MT9266, MT9269, MT9286, MT9288, MT9602, MT9610, MT9611, MT9612, MT9613, MT9615, MT9617, MT9618, MT9629, MT9630, MT9631, MT9632, MT9636, MT9638, MT9639, MT9649, MT9650, MT9652, MT9653, MT9666, MT9667, MT9669, MT9671, MT9675, MT9685, MT9686, MT9688",
    "versions": [
      {
        "version": "Android 10.0, 11.0 / Linux 4.19",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/August-2023

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-20811

nvd1 cvelist1 prion1