OpenCVE

In OPTEE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03645895; Issue ID: DTV03645895.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Google	Android
Mediatek	Mt9011 Mt9022 Mt9618 Mt9649 Mt9653

Configuration 1 [-]

AND

cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*

OR	cpe:2.3:h:mediatek:mt9011:-:::::::*
	cpe:2.3:h:mediatek:mt9022:-:::::::*
	cpe:2.3:h:mediatek:mt9618:-:::::::*
	cpe:2.3:h:mediatek:mt9649:-:::::::*
	cpe:2.3:h:mediatek:mt9653:-:::::::*

No data.

References

Link	Providers
https://corp.mediatek.com/product-security-bulletin/August-2023

History

Tue, 15 Oct 2024 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: MediaTek

Published: 2023-08-07T03:21:54.842Z

Updated: 2024-10-15T19:49:27.901Z

Reserved: 2022-10-28T02:03:23.672Z

Link: CVE-2023-20808

Vulnrichment

Updated: 2024-08-02T09:14:41.137Z

NVD

Status : Modified

Published: 2023-08-07T04:15:14.180

Modified: 2024-11-21T07:41:34.223

Link: CVE-2023-20808

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-20808", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "state": "PUBLISHED", "assignerShortName": "MediaTek", "dateReserved": "2022-10-28T02:03:23.672Z", "datePublished": "2023-08-07T03:21:54.842Z", "dateUpdated": "2024-10-15T19:49:27.901Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", "dateUpdated": "2023-08-07T03:21:54.842Z"}, "descriptions": [{"lang": "en", "value": "In OPTEE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03645895; Issue ID: DTV03645895."}], "affected": [{"vendor": "MediaTek, Inc.", "product": "MT9011, MT9022, MT9618, MT9649, MT9653", "versions": [{"version": "Android 11.0", "status": "affected"}]}], "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Elevation of Privilege"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T09:14:41.137Z"}, "title": "CVE Program Container", "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/August-2023", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "mediatek", "product": "mt9011", "cpes": ["cpe:2.3:h:mediatek:mt9011:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "Android 11.0", "status": "affected"}]}, {"vendor": "mediatek", "product": "mt9022", "cpes": ["cpe:2.3:h:mediatek:mt9022:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "Android 11.0", "status": "affected"}]}, {"vendor": "mediatek", "product": "mt9618", "cpes": ["cpe:2.3:h:mediatek:mt9618:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "Android 11.0", "status": "affected"}]}, {"vendor": "mediatek", "product": "mt9649", "cpes": ["cpe:2.3:h:mediatek:mt9649:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "Android 11.0", "status": "affected"}]}, {"vendor": "mediatek", "product": "mt9653", "cpes": ["cpe:2.3:h:mediatek:mt9653:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "Android 11.0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-15T19:47:25.231347Z", "id": "CVE-2023-20808", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T19:49:27.901Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/August-2023", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T09:14:41.137Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-20808", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-15T19:47:25.231347Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:mediatek:mt9011:-:*:*:*:*:*:*:*"], "vendor": "mediatek", "product": "mt9011", "versions": [{"status": "affected", "version": "Android 11.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mediatek:mt9022:-:*:*:*:*:*:*:*"], "vendor": "mediatek", "product": "mt9022", "versions": [{"status": "affected", "version": "Android 11.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mediatek:mt9618:-:*:*:*:*:*:*:*"], "vendor": "mediatek", "product": "mt9618", "versions": [{"status": "affected", "version": "Android 11.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mediatek:mt9649:-:*:*:*:*:*:*:*"], "vendor": "mediatek", "product": "mt9649", "versions": [{"status": "affected", "version": "Android 11.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mediatek:mt9653:-:*:*:*:*:*:*:*"], "vendor": "mediatek", "product": "mt9653", "versions": [{"status": "affected", "version": "Android 11.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T19:49:21.466Z"}}], "cna": {"affected": [{"vendor": "MediaTek, Inc.", "product": "MT9011, MT9022, MT9618, MT9649, MT9653", "versions": [{"status": "affected", "version": "Android 11.0"}]}], "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/August-2023"}], "descriptions": [{"lang": "en", "value": "In OPTEE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03645895; Issue ID: DTV03645895."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Elevation of Privilege"}]}], "providerMetadata": {"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", "dateUpdated": "2023-08-07T03:21:54.842Z"}}}, "cveMetadata": {"cveId": "CVE-2023-20808", "state": "PUBLISHED", "dateUpdated": "2024-10-15T19:49:27.901Z", "dateReserved": "2022-10-28T02:03:23.672Z", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "datePublished": "2023-08-07T03:21:54.842Z", "assignerShortName": "MediaTek"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt9011:-:*:*:*:*:*:*:*", "matchCriteriaId": "CEE06B45-7F23-4EB5-9885-4FCA0FC0D5C5", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt9022:-:*:*:*:*:*:*:*", "matchCriteriaId": "350ED16A-35A5-4F54-A01F-6EADE58E5530", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt9618:-:*:*:*:*:*:*:*", "matchCriteriaId": "311AFBA9-A0AD-4638-ACFF-0D4AC12FA127", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt9649:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1C6E88C-46DD-45AB-88C1-B69FC0E25056", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt9653:-:*:*:*:*:*:*:*", "matchCriteriaId": "63BC3AE7-4180-4B8C-AB69-8AC4F502700D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In OPTEE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03645895; Issue ID: DTV03645895."}], "id": "CVE-2023-20808", "lastModified": "2024-11-21T07:41:34.223", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-07T04:15:14.180", "references": [{"source": "security@mediatek.com", "tags": ["Vendor Advisory"], "url": "https://corp.mediatek.com/product-security-bulletin/August-2023"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://corp.mediatek.com/product-security-bulletin/August-2023"}], "sourceIdentifier": "security@mediatek.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}