CVE-2023-20839

In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326409.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*
cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*
OR cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*

History

07 Sep 2023, 14:41

Type Values Removed Values Added
References (MISC) https://corp.mediatek.com/product-security-bulletin/September-2023 - (MISC) https://corp.mediatek.com/product-security-bulletin/September-2023 - Vendor Advisory
First Time Mediatek mt8673
Mediatek mt8395
Linuxfoundation yocto
Google
Mediatek iot Yocto
Mediatek mt6983
Linuxfoundation
Mediatek mt8188
Linux
Mediatek mt2713
Mediatek
Mediatek mt8195
Mediatek mt6897
Mediatek mt6895
Google android
Linux linux Kernel
CPE cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*
cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*
CWE CWE-125
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.2

04 Sep 2023, 03:51

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-04 03:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-20839

Mitre link : CVE-2023-20839

CVE.ORG link : CVE-2023-20839


JSON object : View

Products Affected

mediatek

  • mt6895
  • iot_yocto
  • mt8188
  • mt8195
  • mt6983
  • mt6897
  • mt8673
  • mt2713
  • mt8395

linux

  • linux_kernel

linuxfoundation

  • yocto

google

  • android
CWE
CWE-125

Out-of-bounds Read