Lucene search

MediaTekCVE-2023-20845

HistorySep 04, 2023 - 3:15 a.m.

CVE-2023-20845

2023-09-0403:15:11

CWE-125

MediaTek

web.nvd.nist.gov

security

vulnerability

imgsys

out of bounds read

information disclosure

cve-2023-20845

nvd

CVSS3

4.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

Percentile

5.1%

JSON

In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07197795; Issue ID: ALPS07340357.

Affected configurations

Nvd

Vulners

Node

linuxfoundationyoctoMatch4.0

mediatekiot_yoctoMatch23.0

googleandroidMatch11.0

googleandroidMatch12.0

linuxlinux_kernelMatch6.1-

AND

mediatekmt6895Match-

mediatekmt6897Match-

mediatekmt6983Match-

mediatekmt8188Match-

mediatekmt8195Match-

mediatekmt8395Match-

VendorProductVersionCPE
linuxfoundationyocto4.0cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*
mediatekiot_yocto23.0cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*
googleandroid11.0cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
googleandroid12.0cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
linuxlinux_kernel6.1cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*
mediatekmt6895-cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
mediatekmt6897-cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*
mediatekmt6983-cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
mediatekmt8188-cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*
mediatekmt8195-cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linuxfoundation	yocto	4.0	cpe:2.3:a:linuxfoundation:yocto:4.0:::::::*
mediatek	iot_yocto	23.0	cpe:2.3:a:mediatek:iot_yocto:23.0:::::::*
google	android	11.0	cpe:2.3:o:google:android:11.0:::::::*
google	android	12.0	cpe:2.3:o:google:android:12.0:::::::*
linux	linux_kernel	6.1	cpe:2.3:o:linux:linux_kernel:6.1:-::::::
mediatek	mt6895	-	cpe:2.3:h:mediatek:mt6895:-:::::::*
mediatek	mt6897	-	cpe:2.3:h:mediatek:mt6897:-:::::::*
mediatek	mt6983	-	cpe:2.3:h:mediatek:mt6983:-:::::::*
mediatek	mt8188	-	cpe:2.3:h:mediatek:mt8188:-:::::::*
mediatek	mt8195	-	cpe:2.3:h:mediatek:mt8195:-:::::::*

Rows per page:

1-10 of 111

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT6895, MT6897, MT6983, MT8188, MT8195, MT8395",
    "versions": [
      {
        "version": "Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/September-2023

CVSS3

4.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-20845