Lucene search

[email protected]NVD:CVE-2023-20725

HistoryJun 06, 2023 - 1:15 p.m.

CVE-2023-20725

2023-06-0613:15:11

CWE-787

[email protected]

web.nvd.nist.gov

preloader

out of bounds write

escalation of privilege

system execution

patch id

issue id

mt6880

mt6890

mt6980

mt6990

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 only); Issue ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 only).

Affected configurations

Nvd

Node

rdkcentralrdk-bMatch2022q3

googleandroidMatch12.0

googleandroidMatch13.0

openwrtopenwrtMatch19.07.0-

openwrtopenwrtMatch21.02.0-

AND

mediatekmt6580Match-

mediatekmt6739Match-

mediatekmt6761Match-

mediatekmt6765Match-

mediatekmt6768Match-

mediatekmt6779Match-

mediatekmt6781Match-

mediatekmt6785Match-

mediatekmt6789Match-

mediatekmt6833Match-

mediatekmt6835Match-

mediatekmt6853Match-

mediatekmt6853tMatch-

mediatekmt6855Match-

mediatekmt6873Match-

mediatekmt6877Match-

mediatekmt6879Match-

mediatekmt6880Match-

mediatekmt6883Match-

mediatekmt6885Match-

mediatekmt6886Match-

mediatekmt6889Match-

mediatekmt6890Match-

mediatekmt6893Match-

mediatekmt6895Match-

mediatekmt6980Match-

mediatekmt6983Match-

mediatekmt6985Match-

mediatekmt6990Match-

mediatekmt8167Match-

mediatekmt8175Match-

mediatekmt8195Match-

mediatekmt8365Match-

mediatekmt8385Match-

mediatekmt8673Match-

mediatekmt8781Match-

mediatekmt8788Match-

mediatekmt8789Match-

VendorProductVersionCPE
rdkcentralrdk-b2022q3cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*
googleandroid12.0cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
googleandroid13.0cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
openwrtopenwrt19.07.0cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*
openwrtopenwrt21.02.0cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*
mediatekmt6580-cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*
mediatekmt6739-cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*
mediatekmt6761-cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*
mediatekmt6765-cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*
mediatekmt6768-cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rdkcentral	rdk-b	2022q3	cpe:2.3:a:rdkcentral:rdk-b:2022q3:::::::*
google	android	12.0	cpe:2.3:o:google:android:12.0:::::::*
google	android	13.0	cpe:2.3:o:google:android:13.0:::::::*
openwrt	openwrt	19.07.0	cpe:2.3:o:openwrt:openwrt:19.07.0:-::::::
openwrt	openwrt	21.02.0	cpe:2.3:o:openwrt:openwrt:21.02.0:-::::::
mediatek	mt6580	-	cpe:2.3:h:mediatek:mt6580:-:::::::*
mediatek	mt6739	-	cpe:2.3:h:mediatek:mt6739:-:::::::*
mediatek	mt6761	-	cpe:2.3:h:mediatek:mt6761:-:::::::*
mediatek	mt6765	-	cpe:2.3:h:mediatek:mt6765:-:::::::*
mediatek	mt6768	-	cpe:2.3:h:mediatek:mt6768:-:::::::*

Rows per page:

1-10 of 431

References

corp.mediatek.com/product-security-bulletin/June-2023

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2023-20725

prion1 cvelist1 cve1