CVE-2023-20757 - OpenCVE

In cmdq, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07636133; Issue ID: ALPS07636133.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Android
Mediatek	Mt6739 Mt6768 Mt6771 Mt6785 Mt6833 Mt6853 Mt6853t Mt6873 Mt6877 Mt6883 Mt6885 Mt6889 Mt6893 Mt8786 Mt8789 Mt8797

Configuration 1 [-]

AND

OR	cpe:2.3:o:google:android:12.0:::::::*
	cpe:2.3:o:google:android:13.0:::::::*

OR	cpe:2.3:h:mediatek:mt6739:-:::::::*
	cpe:2.3:h:mediatek:mt6768:-:::::::*
	cpe:2.3:h:mediatek:mt6771:-:::::::*
	cpe:2.3:h:mediatek:mt6785:-:::::::*
	cpe:2.3:h:mediatek:mt6833:-:::::::*
	cpe:2.3:h:mediatek:mt6853:-:::::::*
	cpe:2.3:h:mediatek:mt6853t:-:::::::*
	cpe:2.3:h:mediatek:mt6873:-:::::::*
	cpe:2.3:h:mediatek:mt6877:-:::::::*
	cpe:2.3:h:mediatek:mt6883:-:::::::*
	cpe:2.3:h:mediatek:mt6885:-:::::::*
	cpe:2.3:h:mediatek:mt6889:-:::::::*
	cpe:2.3:h:mediatek:mt6893:-:::::::*
	cpe:2.3:h:mediatek:mt8786:-:::::::*
	cpe:2.3:h:mediatek:mt8789:-:::::::*
	cpe:2.3:h:mediatek:mt8797:-:::::::*

No data.

References

Link	Providers
https://corp.mediatek.com/product-security-bulletin/July-2023

History

No history.

MITRE

Status: PUBLISHED

Assigner: MediaTek

Published: 2023-07-04T01:44:13.045Z

Updated: 2024-08-02T09:14:41.024Z

Reserved: 2022-10-28T02:03:10.771Z

Link: CVE-2023-20757

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-07-04T02:15:10.030

Modified: 2023-07-10T02:25:11.430

Link: CVE-2023-20757

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE4D2AED-C713-407F-A34A-52C3D8F65835", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In cmdq, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07636133; Issue ID: ALPS07636133."}], "id": "CVE-2023-20757", "lastModified": "2023-07-10T02:25:11.430", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-04T02:15:10.030", "references": [{"source": "security@mediatek.com", "tags": ["Vendor Advisory"], "url": "https://corp.mediatek.com/product-security-bulletin/July-2023"}], "sourceIdentifier": "security@mediatek.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}