CVE-2023-20788

In thermal, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648734; Issue ID: ALPS07648735.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
OR cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*

History

09 Aug 2023, 16:36

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.4
CPE cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*
CWE CWE-416
CWE-367
First Time Mediatek mt6873
Mediatek mt6833
Mediatek mt6853
Mediatek mt6779
Mediatek mt6761
Mediatek
Mediatek mt6781
Mediatek mt8362a
Mediatek mt6771
Google android
Mediatek mt6765
Mediatek mt6785
Google
Mediatek mt6739
Mediatek mt6883
Mediatek mt8321
Mediatek mt8168
Mediatek mt8365
Mediatek mt8167s
Mediatek mt6877
Mediatek mt8167
Mediatek mt6768
References (MISC) https://corp.mediatek.com/product-security-bulletin/August-2023 - (MISC) https://corp.mediatek.com/product-security-bulletin/August-2023 - Vendor Advisory

07 Aug 2023, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-07 04:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-20788

Mitre link : CVE-2023-20788

CVE.ORG link : CVE-2023-20788


JSON object : View

Products Affected

mediatek

  • mt6765
  • mt6781
  • mt6771
  • mt8168
  • mt8321
  • mt6873
  • mt6768
  • mt8167
  • mt6833
  • mt8365
  • mt6853
  • mt6877
  • mt6785
  • mt6779
  • mt6739
  • mt8362a
  • mt8167s
  • mt6883
  • mt6761

google

  • android
CWE
CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

CWE-416

Use After Free