Vulnerability

CVE-2023-20725

Component: BOOT
Location: FIRMWARE
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 only); Issue ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 only).

Impact

Severity (Manufact.)

MEDIUM

Severity (NIST)

6.7

Severity (Android)

N/A

Chipsets

82

Devices

1158

Affected Hardware

NameAlso known asManufacturer
MT6580
MediaTek
MT6739
MediaTek
MT6761V/WE
Helio A20
MediaTek
MT6761V/WAB
Helio A22
MediaTek
MT6761V/WBB
Helio A22
MediaTek
MT6765
Helio P35
MediaTek
MT6768
Helio P65
MediaTek
MT6779V/CU
Helio P90
MediaTek
MT6779V/CV
Helio P95
MediaTek
MT6765G
Helio G35
MediaTek
82 of 82 row(s) shown.

Rows per page

Page 1 of 9

Timeline

Introduced (est):
Jan 1, 2015
Reported:
Unknown
Advisory Published:
Jun 6, 2023
CVE Published:
Jun 6, 2023
Android Patch Level:
None
For more information and a detailed analysis of the data presented on this website, please see our paper, to be presented at NDSS'25.
Follow us on Twitter