CVE-2023-20828 - Vulnerability Details

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014144.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0002.

Exploitation none

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

MediaTek, Inc.

MT2735, MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8167, MT8167S, MT8168, MT8175, MT8362A, MT8365

affected

Version	Status	Constraints
`Android 12.0, 13.0 / OpenWrt 1907, 2102 / Yocto 2.6 / RDK-B 22Q3`	affected	—

Configuration 1 [-]

AND

OR	cpe:2.3:a:linuxfoundation:yocto:2.6:::::::*
	cpe:2.3:a:rdkcentral:rdk-b:2022q3:::::::*
	cpe:2.3:o:google:android:12.0:::::::*
	cpe:2.3:o:google:android:13.0:::::::*
	cpe:2.3:o:openwrt:openwrt:19.07.0:-::::::
	cpe:2.3:o:openwrt:openwrt:21.02.0:-::::::

OR	cpe:2.3:h:mediatek:mt2735:-:::::::*
	cpe:2.3:h:mediatek:mt6761:-:::::::*
	cpe:2.3:h:mediatek:mt6762:-:::::::*
	cpe:2.3:h:mediatek:mt6765:-:::::::*
	cpe:2.3:h:mediatek:mt6768:-:::::::*
	cpe:2.3:h:mediatek:mt6769:-:::::::*
	cpe:2.3:h:mediatek:mt6779:-:::::::*
	cpe:2.3:h:mediatek:mt6833:-:::::::*
	cpe:2.3:h:mediatek:mt6835:-:::::::*
	cpe:2.3:h:mediatek:mt6853:-:::::::*
	cpe:2.3:h:mediatek:mt6853t:-:::::::*
	cpe:2.3:h:mediatek:mt6855:-:::::::*
	cpe:2.3:h:mediatek:mt6873:-:::::::*
	cpe:2.3:h:mediatek:mt6875:-:::::::*
	cpe:2.3:h:mediatek:mt6877:-:::::::*
	cpe:2.3:h:mediatek:mt6879:-:::::::*
	cpe:2.3:h:mediatek:mt6880:-:::::::*
	cpe:2.3:h:mediatek:mt6883:-:::::::*
	cpe:2.3:h:mediatek:mt6885:-:::::::*
	cpe:2.3:h:mediatek:mt6886:-:::::::*
	cpe:2.3:h:mediatek:mt6889:-:::::::*
	cpe:2.3:h:mediatek:mt6890:-:::::::*
	cpe:2.3:h:mediatek:mt6891:-:::::::*
	cpe:2.3:h:mediatek:mt6893:-:::::::*
	cpe:2.3:h:mediatek:mt6895:-:::::::*
	cpe:2.3:h:mediatek:mt6980:-:::::::*
	cpe:2.3:h:mediatek:mt6983:-:::::::*
	cpe:2.3:h:mediatek:mt6985:-:::::::*
	cpe:2.3:h:mediatek:mt6990:-:::::::*
	cpe:2.3:h:mediatek:mt8167:-:::::::*
	cpe:2.3:h:mediatek:mt8167s:-:::::::*
	cpe:2.3:h:mediatek:mt8168:-:::::::*
	cpe:2.3:h:mediatek:mt8175:-:::::::*
	cpe:2.3:h:mediatek:mt8362a:-:::::::*
	cpe:2.3:h:mediatek:mt8365:-:::::::*

No data.

Project Subscriptions

Vendors	Products
Google Subscribe	Android Subscribe
Linuxfoundation Subscribe	Yocto Subscribe
Mediatek Subscribe	Mt2735 Subscribe Mt6761 Subscribe Mt6762 Subscribe Mt6765 Subscribe Mt6768 Subscribe Mt6769 Subscribe Mt6779 Subscribe Mt6833 Subscribe Mt6835 Subscribe Mt6853 Subscribe Mt6853t Subscribe Mt6855 Subscribe Mt6873 Subscribe Mt6875 Subscribe Mt6877 Subscribe Mt6879 Subscribe Mt6880 Subscribe Mt6883 Subscribe Mt6885 Subscribe Mt6886 Subscribe Mt6889 Subscribe Mt6890 Subscribe Mt6891 Subscribe Mt6893 Subscribe Mt6895 Subscribe Mt6980 Subscribe Mt6983 Subscribe Mt6985 Subscribe Mt6990 Subscribe Mt8167 Subscribe Mt8167s Subscribe Mt8168 Subscribe Mt8175 Subscribe Mt8362a Subscribe Mt8365 Subscribe
Openwrt Subscribe	Openwrt Subscribe
Rdkcentral Subscribe	Rdk-b Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2023-25007	In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014144.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://corp.mediatek.com/product-security-bulletin/September-2023

History

Thu, 10 Oct 2024 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: MediaTek

Published: 2023-09-04T02:27:29.062Z

Updated: 2024-10-10T15:27:54.747Z

Reserved: 2022-10-28T02:03:23.684Z

Link: CVE-2023-20828

Vulnrichment

Updated: 2024-08-02T09:14:41.209Z

NVD

Status : Modified

Published: 2023-09-04T03:15:09.413

Modified: 2024-11-21T07:41:37.877

Link: CVE-2023-20828

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-787

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object