First published: Mon Sep 04 2023(Updated: )
In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340381.
Credit: security@mediatek.com security@mediatek.com
Affected Software | Affected Version | How to fix |
---|---|---|
Linuxfoundation Yocto | =4.0 | |
Mediatek Iot Yocto | =23.0 | |
Google Android | =11.0 | |
Google Android | =12.0 | |
Linux Linux kernel | =6.1 | |
Mediatek Mt2713 | ||
Mediatek Mt6895 | ||
Mediatek Mt6897 | ||
Mediatek Mt6983 | ||
Mediatek Mt8188 | ||
Mediatek Mt8195 | ||
Mediatek Mt8395 | ||
Mediatek Mt8781 | ||
All of | ||
Any of | ||
Linuxfoundation Yocto | =4.0 | |
Mediatek Iot Yocto | =23.0 | |
Google Android | =11.0 | |
Google Android | =12.0 | |
Linux Linux kernel | =6.1 | |
Any of | ||
Mediatek Mt2713 | ||
Mediatek Mt6895 | ||
Mediatek Mt6897 | ||
Mediatek Mt6983 | ||
Mediatek Mt8188 | ||
Mediatek Mt8195 | ||
Mediatek Mt8395 | ||
Mediatek Mt8781 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-20850 is a vulnerability in imgsys_cmdq that can lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.
Linuxfoundation Yocto 4.0, Mediatek Iot Yocto 23.0, Google Android 11.0 and 12.0, Linux Linux Kernel 6.1 are affected by CVE-2023-20850.
CVE-2023-20850 has a severity level of 6.5 (medium).
CVE-2023-20850 requires user interaction to be exploited.
A patch with ID ALPS07340433 is available to fix CVE-2023-20850.