{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-20808", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "state": "PUBLISHED", "assignerShortName": "MediaTek", "dateReserved": "2022-10-28T02:03:23.672Z", "datePublished": "2023-08-07T03:21:54.842Z", "dateUpdated": "2024-08-02T09:14:41.137Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", "dateUpdated": "2023-08-07T03:21:54.842Z"}, "descriptions": [{"lang": "en", "value": "In OPTEE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03645895; Issue ID: DTV03645895."}], "affected": [{"vendor": "MediaTek, Inc.", "product": "MT9011, MT9022, MT9618, MT9649, MT9653", "versions": [{"version": "Android 11.0", "status": "affected"}]}], "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Elevation of Privilege"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T09:14:41.137Z"}, "title": "CVE Program Container", "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/August-2023", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt9011:-:*:*:*:*:*:*:*", "matchCriteriaId": "CEE06B45-7F23-4EB5-9885-4FCA0FC0D5C5", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt9022:-:*:*:*:*:*:*:*", "matchCriteriaId": "350ED16A-35A5-4F54-A01F-6EADE58E5530", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt9618:-:*:*:*:*:*:*:*", "matchCriteriaId": "311AFBA9-A0AD-4638-ACFF-0D4AC12FA127", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt9649:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1C6E88C-46DD-45AB-88C1-B69FC0E25056", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt9653:-:*:*:*:*:*:*:*", "matchCriteriaId": "63BC3AE7-4180-4B8C-AB69-8AC4F502700D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In OPTEE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03645895; Issue ID: DTV03645895."}], "id": "CVE-2023-20808", "lastModified": "2023-08-09T17:28:11.923", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-07T04:15:14.180", "references": [{"source": "security@mediatek.com", "tags": ["Vendor Advisory"], "url": "https://corp.mediatek.com/product-security-bulletin/August-2023"}], "sourceIdentifier": "security@mediatek.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}