CVE-2023-20694
First published: Mon May 01 2023(Updated: )
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only).
Credit: security@mediatek.com security@mediatek.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android | ||
| All of | ||
| Any of | ||
| Google Android | =12.0 | |
| Google Android | =13.0 | |
| OpenWrt OpenWrt | =19.07.0 | |
| OpenWrt OpenWrt | =21.02.0 | |
| Any of | ||
| Mediatek MT6580 | ||
| MediaTek MT6739 | ||
| MediaTek MT6761 | ||
| MediaTek MT6765 | ||
| MediaTek MT6768 | ||
| MediaTek MT6769 | ||
| MediaTek MT6771 | ||
| MediaTek MT6779 | ||
| MediaTek MT6785T | ||
| MediaTek M6789 | ||
| MediaTek MT6853 | ||
| MediaTek MT6855 | ||
| MediaTek MT6873 | ||
| MediaTek MT6879 | ||
| MediaTek MT6880 | ||
| MediaTek MT6885 | ||
| MediaTek MT6890 | ||
| MediaTek MT6895 | ||
| MediaTek MT6983 | ||
| Mediatek MT8167 | ||
| MediaTek MT8175 Firmware | ||
| MediaTek MT8185 | ||
| MediaTek MT8195Z | ||
| MediaTek MT8321 | ||
| MediaTek MT8365 Firmware | ||
| MediaTek MT8385 Firmware | ||
| MediaTek MT8395 | ||
| MediaTek MT8666 | ||
| MediaTek MT8667 | ||
| MediaTek MT8673 | ||
| MediaTek MT8675 | ||
| MediaTek MT8765 | ||
| MediaTek MT8766Z | ||
| MediaTek MT8768 | ||
| MediaTek MT8781 WiFi | ||
| mediatek mt8786 | ||
| MediaTek MT8788 Firmware | ||
| MediaTek MT8789 | ||
| MediaTek MT8791 WiFi | ||
| MediaTek MT8791T | ||
| MediaTek MT8797 | ||
| Google Android | =12.0 | |
| Google Android | =13.0 | |
| OpenWrt OpenWrt | =19.07.0 | |
| OpenWrt OpenWrt | =21.02.0 | |
| Mediatek MT6580 | ||
| MediaTek MT6739 | ||
| MediaTek MT6761 | ||
| MediaTek MT6765 | ||
| MediaTek MT6768 | ||
| MediaTek MT6769 | ||
| MediaTek MT6771 | ||
| MediaTek MT6779 | ||
| MediaTek MT6785T | ||
| MediaTek M6789 | ||
| MediaTek MT6853 | ||
| MediaTek MT6855 | ||
| MediaTek MT6873 | ||
| MediaTek MT6879 | ||
| MediaTek MT6880 | ||
| MediaTek MT6885 | ||
| MediaTek MT6890 | ||
| MediaTek MT6895 | ||
| MediaTek MT6983 | ||
| Mediatek MT8167 | ||
| MediaTek MT8175 Firmware | ||
| MediaTek MT8185 | ||
| MediaTek MT8195Z | ||
| MediaTek MT8321 | ||
| MediaTek MT8365 Firmware | ||
| MediaTek MT8385 Firmware | ||
| MediaTek MT8395 | ||
| MediaTek MT8666 | ||
| MediaTek MT8667 | ||
| MediaTek MT8673 | ||
| MediaTek MT8675 | ||
| MediaTek MT8765 | ||
| MediaTek MT8766Z | ||
| MediaTek MT8768 | ||
| MediaTek MT8781 WiFi | ||
| mediatek mt8786 | ||
| MediaTek MT8788 Firmware | ||
| MediaTek MT8789 | ||
| MediaTek MT8791 WiFi | ||
| MediaTek MT8791T | ||
| MediaTek MT8797 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2023-20694.
What is the severity of vulnerability CVE-2023-20694?
The severity of vulnerability CVE-2023-20694 is high with a severity score of 6.7.
What is affected by vulnerability CVE-2023-20694?
Vulnerability CVE-2023-20694 affects Google Android versions 12.0 and 13.0, as well as Openwrt versions 19.07.0 and 21.02.0.
Is user interaction needed for exploitation of vulnerability CVE-2023-20694?
No, user interaction is not needed for exploitation of vulnerability CVE-2023-20694.
How can I fix vulnerability CVE-2023-20694?
To fix vulnerability CVE-2023-20694, apply the respective patches: ALPS07733998 / ALPS07874388 for MT6880 and MT6890 devices.
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/references
- agent/description
- agent/event
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/google
- canonical/google android
- version/google android/12.0
- version/google android/13.0
- vendor/openwrt
- canonical/openwrt openwrt
- version/openwrt openwrt/19.07.0
- version/openwrt openwrt/21.02.0
- vendor/mediatek
- canonical/mediatek mt6580
- canonical/mediatek mt6739
- canonical/mediatek mt6761
- canonical/mediatek mt6765
- canonical/mediatek mt6768
- canonical/mediatek mt6769
- canonical/mediatek mt6771
- canonical/mediatek mt6779
- canonical/mediatek mt6785t
- canonical/mediatek m6789
- canonical/mediatek mt6853
- canonical/mediatek mt6855
- canonical/mediatek mt6873
- canonical/mediatek mt6879
- canonical/mediatek mt6880
- canonical/mediatek mt6885
- canonical/mediatek mt6890
- canonical/mediatek mt6895
- canonical/mediatek mt6983
- canonical/mediatek mt8167
- canonical/mediatek mt8175 firmware
- canonical/mediatek mt8185
- canonical/mediatek mt8195z
- canonical/mediatek mt8321
- canonical/mediatek mt8365 firmware
- canonical/mediatek mt8385 firmware
- canonical/mediatek mt8395
- canonical/mediatek mt8666
- canonical/mediatek mt8667
- canonical/mediatek mt8673
- canonical/mediatek mt8675
- canonical/mediatek mt8765
- canonical/mediatek mt8766z
- canonical/mediatek mt8768
- canonical/mediatek mt8781 wifi
- canonical/mediatek mt8786
- canonical/mediatek mt8788 firmware
- canonical/mediatek mt8789
- canonical/mediatek mt8791 wifi
- canonical/mediatek mt8791t
- canonical/mediatek mt8797