CVE-2023-20838
Vulnerability from cvelistv5
Published
2023-09-04 02:27
Modified
2024-10-08 20:13
Severity ?
Summary
In imgsys, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326418.
References
security@mediatek.comhttps://corp.mediatek.com/product-security-bulletin/September-2023Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://corp.mediatek.com/product-security-bulletin/September-2023Vendor Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:14:41.242Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20838",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-08T14:00:34.514344Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-08T20:13:21.882Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8673",
          "vendor": "MediaTek, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In imgsys, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326418."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-04T02:27:45.442Z",
        "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "shortName": "MediaTek"
      },
      "references": [
        {
          "url": "https://corp.mediatek.com/product-security-bulletin/September-2023"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
    "assignerShortName": "MediaTek",
    "cveId": "CVE-2023-20838",
    "datePublished": "2023-09-04T02:27:45.442Z",
    "dateReserved": "2022-10-28T02:03:23.690Z",
    "dateUpdated": "2024-10-08T20:13:21.882Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:linuxfoundation:yocto:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2EECB3C-723A-492D-A6D7-6A1A73EDBFDF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2385F2C9-3EA1-424B-AB8D-A672BF1CBE56\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"437D8F9D-67DF-47A5-9C96-5B51D1562951\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8FB8EE9-FC56-4D5E-AE55-A5967634740C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"879FFD0C-9B38-4CAA-B057-1086D794D469\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:4.19:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"CFDAD450-8799-4C2D-80CE-2AA45DEC35CE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D1135F9-E38C-4308-BD32-A4D83959282E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt5221:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"518D4593-D5E2-489C-92C3-343716A621E9\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9814939B-F05E-4870-90C0-7C0F6BAAEB39\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"366F1912-756B-443E-9962-224937DD7DFB\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"704BE5CE-AE08-4432-A8B0-4C8BD62148AD\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"15E2EC3F-9FB3-488B-B1C1-2793A416C755\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD64413C-C774-4C4F-9551-89E1AA9469EE\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"171D1C08-F055-44C0-913C-AA2B73AF5B72\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"213B5C7F-D965-4312-9CDF-4F06FA77D401\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0CA45C9-7BFE-4C93-B2AF-B86501F763AB\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B5FE245-6346-4078-A3D0-E5F79BB636B8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3CE2FC35-716A-4706-97BA-5DB165041580\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4452EFCF-5733-40A0-8726-F8E33E569411\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"582F1041-CD84-4763-AD6F-E08DD11F689F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62FDE8E0-FD9F-4D2B-944C-E17F34A09F06\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA3D4A45-38EE-4125-AE67-89D1C707F95A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4675A09-0147-4690-8AA1-E3802CA1B3EB\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ED210E64-6CE7-42B1-849E-68C0E22521F6\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"793B7F88-79E7-4031-8AD0-35C9BFD073C4\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97C76F98-5D8D-4E52-ABAF-CD27C1205B0E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"299378ED-41CE-4966-99B1-65D2BA1215EF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8518s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6069CD03-6AB1-4A06-88CF-EFBDEA84CDE2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE18D5C2-0423-4CE5-86E7-69E7BB131BBF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"152F6606-FA23-4530-AA07-419866B74CB3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3AACF35D-27E0-49AF-A667-13585C8B8071\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE45F606-2E75-48BC-9D1B-99D504974CBF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"533284E5-C3AF-48D3-A287-993099DB2E41\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE10C121-F2AD-43D2-8FF9-A6C197858220\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1505AD53-987E-4328-8E1D-F5F1EC12B677\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9CD2C3EC-B62D-4616-964F-FDBE5B14A449\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1BB05B1D-77C9-4E42-91AD-9F087413DC20\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B469BF4-5961-42E9-814B-1BE06D182E45\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In imgsys, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326418.\"}, {\"lang\": \"es\", \"value\": \"En imgsys, existe una posible lectura fuera de l\\u00edmites debido a una condici\\u00f3n de carrera. Esto podr\\u00eda conducir a la divulgaci\\u00f3n de informaci\\u00f3n local con privilegios de ejecuci\\u00f3n del sistema necesarios. Se necesita la interacci\\u00f3n del usuario para la explotaci\\u00f3n. ID de parche: ALPS07326455; ID del problema: ALPS07326418.\"}]",
      "id": "CVE-2023-20838",
      "lastModified": "2024-11-21T07:41:39.810",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N\", \"baseScore\": 4.0, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.3, \"impactScore\": 3.6}]}",
      "published": "2023-09-04T03:15:10.560",
      "references": "[{\"url\": \"https://corp.mediatek.com/product-security-bulletin/September-2023\", \"source\": \"security@mediatek.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://corp.mediatek.com/product-security-bulletin/September-2023\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@mediatek.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-20838\",\"sourceIdentifier\":\"security@mediatek.com\",\"published\":\"2023-09-04T03:15:10.560\",\"lastModified\":\"2024-11-21T07:41:39.810\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In imgsys, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326418.\"},{\"lang\":\"es\",\"value\":\"En imgsys, existe una posible lectura fuera de l\u00edmites debido a una condici\u00f3n de carrera. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n del sistema necesarios. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS07326455; ID del problema: ALPS07326418.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":4.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.3,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:yocto:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2EECB3C-723A-492D-A6D7-6A1A73EDBFDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2385F2C9-3EA1-424B-AB8D-A672BF1CBE56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"437D8F9D-67DF-47A5-9C96-5B51D1562951\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8FB8EE9-FC56-4D5E-AE55-A5967634740C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"879FFD0C-9B38-4CAA-B057-1086D794D469\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:4.19:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFDAD450-8799-4C2D-80CE-2AA45DEC35CE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D1135F9-E38C-4308-BD32-A4D83959282E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt5221:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"518D4593-D5E2-489C-92C3-343716A621E9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9814939B-F05E-4870-90C0-7C0F6BAAEB39\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"366F1912-756B-443E-9962-224937DD7DFB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"704BE5CE-AE08-4432-A8B0-4C8BD62148AD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15E2EC3F-9FB3-488B-B1C1-2793A416C755\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD64413C-C774-4C4F-9551-89E1AA9469EE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"171D1C08-F055-44C0-913C-AA2B73AF5B72\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"213B5C7F-D965-4312-9CDF-4F06FA77D401\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0CA45C9-7BFE-4C93-B2AF-B86501F763AB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B5FE245-6346-4078-A3D0-E5F79BB636B8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CE2FC35-716A-4706-97BA-5DB165041580\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4452EFCF-5733-40A0-8726-F8E33E569411\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"582F1041-CD84-4763-AD6F-E08DD11F689F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62FDE8E0-FD9F-4D2B-944C-E17F34A09F06\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA3D4A45-38EE-4125-AE67-89D1C707F95A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4675A09-0147-4690-8AA1-E3802CA1B3EB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED210E64-6CE7-42B1-849E-68C0E22521F6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"793B7F88-79E7-4031-8AD0-35C9BFD073C4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97C76F98-5D8D-4E52-ABAF-CD27C1205B0E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"299378ED-41CE-4966-99B1-65D2BA1215EF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8518s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6069CD03-6AB1-4A06-88CF-EFBDEA84CDE2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE18D5C2-0423-4CE5-86E7-69E7BB131BBF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"152F6606-FA23-4530-AA07-419866B74CB3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AACF35D-27E0-49AF-A667-13585C8B8071\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE45F606-2E75-48BC-9D1B-99D504974CBF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"533284E5-C3AF-48D3-A287-993099DB2E41\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE10C121-F2AD-43D2-8FF9-A6C197858220\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1505AD53-987E-4328-8E1D-F5F1EC12B677\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CD2C3EC-B62D-4616-964F-FDBE5B14A449\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BB05B1D-77C9-4E42-91AD-9F087413DC20\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B469BF4-5961-42E9-814B-1BE06D182E45\"}]}]}],\"references\":[{\"url\":\"https://corp.mediatek.com/product-security-bulletin/September-2023\",\"source\":\"security@mediatek.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://corp.mediatek.com/product-security-bulletin/September-2023\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://corp.mediatek.com/product-security-bulletin/September-2023\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T09:14:41.242Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-20838\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-08T14:00:34.514344Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-08T14:01:26.853Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"MediaTek, Inc.\", \"product\": \"MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8673\", \"versions\": [{\"status\": \"affected\", \"version\": \"Android 11.0, 12.0 / Linux 6.1 / IOT-v23.0 / Yocto 4.0\"}]}], \"references\": [{\"url\": \"https://corp.mediatek.com/product-security-bulletin/September-2023\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"In imgsys, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326418.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Information Disclosure\"}]}], \"providerMetadata\": {\"orgId\": \"ee979b05-11f8-4f25-a7e0-a1fa9c190374\", \"shortName\": \"MediaTek\", \"dateUpdated\": \"2023-09-04T02:27:45.442Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-20838\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-08T20:13:21.882Z\", \"dateReserved\": \"2022-10-28T02:03:23.690Z\", \"assignerOrgId\": \"ee979b05-11f8-4f25-a7e0-a1fa9c190374\", \"datePublished\": \"2023-09-04T02:27:45.442Z\", \"assignerShortName\": \"MediaTek\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.