First published: Mon Sep 04 2023(Updated: )
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340119; Issue ID: ALPS07340119.
Credit: security@mediatek.com security@mediatek.com
Affected Software | Affected Version | How to fix |
---|---|---|
Linuxfoundation Yocto | =4.0 | |
Mediatek Iot Yocto | =23.0 | |
Google Android | =11.0 | |
Google Android | =12.0 | |
Linux Linux kernel | =6.1 | |
Mediatek Mt6895 | ||
Mediatek Mt6897 | ||
Mediatek Mt6983 | ||
Mediatek Mt8188 | ||
Mediatek Mt8195 | ||
Mediatek Mt8395 | ||
Mediatek Mt8781 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-20843 is a vulnerability in imgsys_cmdq that allows for a possible out of bounds read, leading to local information disclosure.
CVE-2023-20843 has a severity rating of 4.2 (medium).
Exploiting CVE-2023-20843 requires user interaction and system execution privileges.
The affected software versions include Linuxfoundation Yocto 4.0, Mediatek Iot Yocto 23.0, Google Android 11.0 and 12.0, and Linux Linux Kernel 6.1.
No, Mediatek Mt6895 is not vulnerable to CVE-2023-20843.