Vulnerability
CVE-2023-20695
Component: BOOT
Location: FIRMWARE
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only); Issue ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only).
Impact
Severity (Manufact.)
HIGH
Severity (NIST)
6.7
Severity (Android)
N/A
Chipsets
11
Devices
55
Affected Hardware
| Name | Also known as | Manufacturer |
|---|---|---|
| MT8781V/CA | Helio G99 | MediaTek |
| MT8781V/NA | Helio G99 | MediaTek |
| MT6886 | Dimensity 7200 | MediaTek |
| MT6985 | Dimensity 9200 | MediaTek |
| MT6985 | Dimensity 9200+ | MediaTek |
| MT6985W/TCZA | Dimensity 9200+ | MediaTek |
| MT8781 | Helio G99 | MediaTek |
| MT6835 | Dimensity 6100+ | MediaTek |
| MT6835V/ZA | Dimensity 6100+ | MediaTek |
| MT6886 | Dimensity 7200 _A | MediaTek |
11 of 11 row(s) shown.
Rows per page
Page 1 of 2
Information reliability
The information on this website is intended to provide information on the big picture of chipset security and measure trends within the industry. Our information is obtained from several vantage points, checked for consistency, and automatically cross-referenced. However, this process may not always yield reliable information. Do not use the information on a particular vulnerability, chipset or device to verify your individual exposure in cases where inaccuracies are inacceptable, for instance to assess risks if you are a Politically Exposed Person.
Timeline
Introduced (est):
Apr 1, 2022
Reported:
Unknown
Advisory Published:
May 5, 2023
CVE Published:
May 15, 2023
Android Patch Level:
May 2023
