Lucene search

[email protected]NVD:CVE-2023-20845

HistorySep 04, 2023 - 3:15 a.m.

CVE-2023-20845

2023-09-0403:15:11

CWE-125

[email protected]

web.nvd.nist.gov

imgsys

out of bounds read

local information disclosure

system execution privileges

user interaction

patch id

issue id

CVSS3

4.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

Percentile

5.1%

JSON

In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07197795; Issue ID: ALPS07340357.

Affected configurations

Nvd

Node

linuxfoundationyoctoMatch4.0

mediatekiot_yoctoMatch23.0

googleandroidMatch11.0

googleandroidMatch12.0

linuxlinux_kernelMatch6.1-

AND

mediatekmt6895Match-

mediatekmt6897Match-

mediatekmt6983Match-

mediatekmt8188Match-

mediatekmt8195Match-

mediatekmt8395Match-

VendorProductVersionCPE
linuxfoundationyocto4.0cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*
mediatekiot_yocto23.0cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*
googleandroid11.0cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
googleandroid12.0cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
linuxlinux_kernel6.1cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*
mediatekmt6895-cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
mediatekmt6897-cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*
mediatekmt6983-cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
mediatekmt8188-cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*
mediatekmt8195-cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linuxfoundation	yocto	4.0	cpe:2.3:a:linuxfoundation:yocto:4.0:::::::*
mediatek	iot_yocto	23.0	cpe:2.3:a:mediatek:iot_yocto:23.0:::::::*
google	android	11.0	cpe:2.3:o:google:android:11.0:::::::*
google	android	12.0	cpe:2.3:o:google:android:12.0:::::::*
linux	linux_kernel	6.1	cpe:2.3:o:linux:linux_kernel:6.1:-::::::
mediatek	mt6895	-	cpe:2.3:h:mediatek:mt6895:-:::::::*
mediatek	mt6897	-	cpe:2.3:h:mediatek:mt6897:-:::::::*
mediatek	mt6983	-	cpe:2.3:h:mediatek:mt6983:-:::::::*
mediatek	mt8188	-	cpe:2.3:h:mediatek:mt8188:-:::::::*
mediatek	mt8195	-	cpe:2.3:h:mediatek:mt8195:-:::::::*

Rows per page:

1-10 of 111

References

corp.mediatek.com/product-security-bulletin/September-2023

CVSS3

4.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2023-20845

prion1 cve1 cvelist1