CVE-2023-20809

State: PUBLISHED · Published: 2023-08-07 · Updated: 2024-10-22 · Assigner: MediaTek

Description

In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03751198; Issue ID: DTV03751198.

CWE

CWE-787 — CWE-787 Out-of-bounds Write

Affected

MediaTek, Inc. / MT5583, MT5691, MT5695, MT9010, MT9011, MT9012, MT9016, MT9020, MT9021, MT9022, MT9030, MT9031, MT9032, MT9215, MT9216, MT9218, MT9220, MT9221, MT9222, MT9255, MT9256, MT9266, MT9269, MT9285, MT9286, MT9288, MT9600, MT9602, MT9610, MT9611, MT9612, MT9613, MT9615, MT9617, MT9629, MT9630, MT9631, MT9632, MT9636, MT9638, MT9639, MT9650, MT9652, MT9666, MT9667, MT9669, MT9670, MT9671, MT9675, MT9685, MT9686, MT9688 — v=Android 10.0, 11.0 [affected]

CVSS

(none)

References

https://corp.mediatek.com/product-security-bulletin/August-2023

Source

cvelistV5-main/cves/2023/20xxx/CVE-2023-20809.json