CVE-2023-20822

In netdagent, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944012; Issue ID: ALPS07944012.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
OR cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8195z:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:41

Type Values Removed Values Added
References () https://corp.mediatek.com/product-security-bulletin/September-2023 - Vendor Advisory () https://corp.mediatek.com/product-security-bulletin/September-2023 - Vendor Advisory

07 Sep 2023, 19:14

Type Values Removed Values Added
First Time Mediatek mt8168
Mediatek mt6889
Mediatek mt8195z
Google
Mediatek mt8362a
Mediatek mt6891
Mediatek mt8167
Mediatek mt8167s
Mediatek mt6883
Mediatek mt6885
Mediatek
Mediatek mt8195
Mediatek mt8175
Mediatek mt6895
Mediatek mt6893
Google android
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.7
CWE CWE-787
CPE cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8195z:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*
References (MISC) https://corp.mediatek.com/product-security-bulletin/September-2023 - (MISC) https://corp.mediatek.com/product-security-bulletin/September-2023 - Vendor Advisory

04 Sep 2023, 03:51

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-04 03:15

Updated : 2024-11-21 07:41


NVD link : CVE-2023-20822

Mitre link : CVE-2023-20822

CVE.ORG link : CVE-2023-20822


JSON object : View

Products Affected

mediatek

  • mt6885
  • mt6889
  • mt6893
  • mt8195
  • mt8362a
  • mt6883
  • mt8195z
  • mt8167
  • mt8168
  • mt6891
  • mt8175
  • mt6895
  • mt8167s

google

  • android
CWE
CWE-787

Out-of-bounds Write