PT-2023-17586 · Mediatek · Mt6890+3
Published
2023-06-06
·
Updated
2025-01-07
·
CVE-2023-20725
CVSS v3.1
6.7
Medium
| Vector | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MT6880 versions prior to patch ALPS07734004
MT6890 versions prior to patch ALPS07734004
MT6980 versions prior to patch ALPS07874358
MT6990 versions prior to patch ALPS07874358
Description
In the preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Recommendations
For MT6880, apply patch ALPS07734004 to resolve the issue.
For MT6890, apply patch ALPS07734004 to resolve the issue.
For MT6980, apply patch ALPS07874358 to resolve the issue.
For MT6990, apply patch ALPS07874358 to resolve the issue.
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mt6880
Mt6890
Mt6980
Mt6990