CVE-2023-20679

CVSS V2 None CVSS V3 None
Description
In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588453.
Overview
  • CVE ID
  • CVE-2023-20679
  • Assigner
  • security@mediatek.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-04-06T18:15:09
  • Last Modified Date
  • 2023-04-12T19:41:39
Weakness Enumerations
CWE URL
CWE-125 http://cwe.mitre.org/data/definitions/125.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:yoctoproject:yocto:3.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:yoctoproject:yocto:3.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:yoctoproject:yocto:4.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt8169:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt8518:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt8695:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt8771:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:linux:linux_kernel:4.19:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:mediatek:mt5221:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt7663:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt7668:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt7902:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:mediatek:mt7921:-:*:*:*:*:*:*:* 0 OR
References
Reference URL Reference Tags
https://corp.mediatek.com/product-security-bulletin/April-2023 Vendor Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2023-20679
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20679
History
Created Old Value New Value Data Type Notes
2023-04-17 04:18:13 Added to TrackCVE
2023-04-17 04:18:15 Weakness Enumeration new