CVE-2023-20746

2023-06-0612:11:43

MediaTek

www.cve.org

vcu

out of bounds write

escalation of privilege

improper locking

local exploitation

patch id

issue id

EPSS

Percentile

5.1%

JSON

In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519217.

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT6789, MT6855, MT8167, MT8168, MT8173, MT8185, MT8195, MT8321, MT8365, MT8395, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797",
    "versions": [
      {
        "version": "Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/June-2023

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2023-20746