2023-05-16 02:00:27 +02:00
{
"id" : "CVE-2023-20696" ,
"sourceIdentifier" : "security@mediatek.com" ,
"published" : "2023-05-15T22:15:10.563" ,
2023-05-24 16:00:49 +00:00
"lastModified" : "2023-05-24T15:09:06.833" ,
"vulnStatus" : "Analyzed" ,
2023-05-16 02:00:27 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only)."
}
] ,
2023-05-24 16:00:49 +00:00
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" ,
"attackVector" : "LOCAL" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "HIGH" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 6.7 ,
"baseSeverity" : "MEDIUM"
} ,
"exploitabilityScore" : 0.8 ,
"impactScore" : 5.9
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-787"
}
]
}
] ,
"configurations" : [
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "879FFD0C-9B38-4CAA-B057-1086D794D469"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "4FA469E2-9E63-4C9A-8EBA-10C8C870063A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "F0133207-2EED-4625-854F-8DB7770D5BF7"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "68CF4A7A-3136-4C4C-A795-81323896BE11"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "171D1C08-F055-44C0-913C-AA2B73AF5B72"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3B5FE245-6346-4078-A3D0-E5F79BB636B8"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "582F1041-CD84-4763-AD6F-E08DD11F689F"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "ED210E64-6CE7-42B1-849E-68C0E22521F6"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "793B7F88-79E7-4031-8AD0-35C9BFD073C4"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "299378ED-41CE-4966-99B1-65D2BA1215EF"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2FE14B46-C1CA-465F-8578-059FA2ED30EB"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "152F6606-FA23-4530-AA07-419866B74CB3"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "03E6123A-7603-4EAB-AFFB-229E8A040709"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3AACF35D-27E0-49AF-A667-13585C8B8071"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CE45F606-2E75-48BC-9D1B-99D504974CBF"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "533284E5-C3AF-48D3-A287-993099DB2E41"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FE10C121-F2AD-43D2-8FF9-A6C197858220"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1505AD53-987E-4328-8E1D-F5F1EC12B677"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9CD2C3EC-B62D-4616-964F-FDBE5B14A449"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1BB05B1D-77C9-4E42-91AD-9F087413DC20"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2B469BF4-5961-42E9-814B-1BE06D182E45"
}
]
}
]
}
] ,
2023-05-16 02:00:27 +02:00
"references" : [
{
"url" : "https://corp.mediatek.com/product-security-bulletin/May-2023" ,
2023-05-24 16:00:49 +00:00
"source" : "security@mediatek.com" ,
"tags" : [
"Vendor Advisory"
]
2023-05-16 02:00:27 +02:00
}
]
}
