CVE-2023-20843

In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340119; Issue ID: ALPS07340119.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*
cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*
OR cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*

History

07 Sep 2023, 14:41

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.2
First Time Mediatek mt8188
Linux
Mediatek mt8395
Linuxfoundation yocto
Mediatek
Mediatek mt8195
Google
Google android
Mediatek mt6897
Mediatek mt6895
Mediatek iot Yocto
Mediatek mt8781
Mediatek mt6983
Linuxfoundation
Linux linux Kernel
References (MISC) https://corp.mediatek.com/product-security-bulletin/September-2023 - (MISC) https://corp.mediatek.com/product-security-bulletin/September-2023 - Vendor Advisory
CWE CWE-125
CPE cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*
cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*

04 Sep 2023, 03:51

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-04 03:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-20843

Mitre link : CVE-2023-20843

CVE.ORG link : CVE-2023-20843


JSON object : View

Products Affected

mediatek

  • mt6895
  • iot_yocto
  • mt8188
  • mt8195
  • mt6983
  • mt6897
  • mt8781
  • mt8395

linux

  • linux_kernel

linuxfoundation

  • yocto

google

  • android
CWE
CWE-125

Out-of-bounds Read