OpenCVE

In seninf, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07992786; Issue ID: ALPS07992786.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Google	Android
Mediatek	Mt6779 Mt6781 Mt6785 Mt6789 Mt6833 Mt6853 Mt6855 Mt6873 Mt6877 Mt6885 Mt6893 Mt8185 Mt8385 Mt8781 Mt8788 Mt8789 Mt8797

Configuration 1 [-]

AND

OR	cpe:2.3:o:google:android:12.0:::::::*
	cpe:2.3:o:google:android:13.0:::::::*

OR	cpe:2.3:h:mediatek:mt6779:-:::::::*
	cpe:2.3:h:mediatek:mt6781:-:::::::*
	cpe:2.3:h:mediatek:mt6785:-:::::::*
	cpe:2.3:h:mediatek:mt6789:-:::::::*
	cpe:2.3:h:mediatek:mt6833:-:::::::*
	cpe:2.3:h:mediatek:mt6853:-:::::::*
	cpe:2.3:h:mediatek:mt6855:-:::::::*
	cpe:2.3:h:mediatek:mt6873:-:::::::*
	cpe:2.3:h:mediatek:mt6877:-:::::::*
	cpe:2.3:h:mediatek:mt6885:-:::::::*
	cpe:2.3:h:mediatek:mt6893:-:::::::*
	cpe:2.3:h:mediatek:mt8185:-:::::::*
	cpe:2.3:h:mediatek:mt8385:-:::::::*
	cpe:2.3:h:mediatek:mt8781:-:::::::*
	cpe:2.3:h:mediatek:mt8788:-:::::::*
	cpe:2.3:h:mediatek:mt8789:-:::::::*
	cpe:2.3:h:mediatek:mt8797:-:::::::*

No data.

References

Link	Providers
https://corp.mediatek.com/product-security-bulletin/September-2023

History

Mon, 21 Oct 2024 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: MediaTek

Published: 2023-09-04T02:27:43.828Z

Updated: 2024-10-21T17:17:26.463Z

Reserved: 2022-10-28T02:03:23.687Z

Link: CVE-2023-20837

Vulnrichment

Updated: 2024-08-02T09:14:41.116Z

NVD

Status : Modified

Published: 2023-09-04T03:15:10.430

Modified: 2024-10-21T18:35:01.410

Link: CVE-2023-20837

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-20837", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "state": "PUBLISHED", "assignerShortName": "MediaTek", "dateReserved": "2022-10-28T02:03:23.687Z", "datePublished": "2023-09-04T02:27:43.828Z", "dateUpdated": "2024-10-21T17:17:26.463Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", "dateUpdated": "2023-09-04T02:27:43.828Z"}, "descriptions": [{"lang": "en", "value": "In seninf, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07992786; Issue ID: ALPS07992786."}], "affected": [{"vendor": "MediaTek, Inc.", "product": "MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6877, MT6885, MT6893, MT8185, MT8385, MT8781, MT8788, MT8789, MT8797", "versions": [{"version": "Android 12.0, 13.0", "status": "affected"}]}], "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Elevation of Privilege"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T09:14:41.116Z"}, "title": "CVE Program Container", "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/September-2023", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-787", "lang": "en", "description": "CWE-787 Out-of-bounds Write"}]}], "affected": [{"vendor": "mediatek", "product": "mt8797", "cpes": ["cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "Android 12.0", "status": "affected"}, {"version": "Android 13.0", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-10-15T17:15:41.699069Z", "id": "CVE-2023-20837", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-21T17:17:26.463Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/September-2023", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T09:14:41.116Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-20837", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-15T17:15:41.699069Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*"], "vendor": "mediatek", "product": "mt8797", "versions": [{"status": "affected", "version": "Android 12.0"}, {"status": "affected", "version": "Android 13.0"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-21T17:17:03.680Z"}}], "cna": {"affected": [{"vendor": "MediaTek, Inc.", "product": "MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6877, MT6885, MT6893, MT8185, MT8385, MT8781, MT8788, MT8789, MT8797", "versions": [{"status": "affected", "version": "Android 12.0, 13.0"}]}], "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/September-2023"}], "descriptions": [{"lang": "en", "value": "In seninf, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07992786; Issue ID: ALPS07992786."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Elevation of Privilege"}]}], "providerMetadata": {"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", "dateUpdated": "2023-09-04T02:27:43.828Z"}}}, "cveMetadata": {"cveId": "CVE-2023-20837", "state": "PUBLISHED", "dateUpdated": "2024-10-21T17:17:26.463Z", "dateReserved": "2022-10-28T02:03:23.687Z", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "datePublished": "2023-09-04T02:27:43.828Z", "assignerShortName": "MediaTek"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", "matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", "matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In seninf, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07992786; Issue ID: ALPS07992786."}, {"lang": "es", "value": "En seninf, existe una posible escritura fuera de los l\u00edmites debido a una comprobaci\u00f3n de l\u00edmites omitida. Esto podr\u00eda llevar a una escalada local de privilegios con necesidad de privilegios de ejecuci\u00f3n del sistema. No es necesaria la interacci\u00f3n del usuario para su explotaci\u00f3n. ID del parche: ALPS07992786; ID de la incidencia: ALPS07992786."}], "id": "CVE-2023-20837", "lastModified": "2024-10-21T18:35:01.410", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-09-04T03:15:10.430", "references": [{"source": "security@mediatek.com", "tags": ["Vendor Advisory"], "url": "https://corp.mediatek.com/product-security-bulletin/September-2023"}], "sourceIdentifier": "security@mediatek.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}