VYPR
← All advisories
Unrated severityNVD Advisory· Published Feb 6, 2023· Updated Mar 26, 2025

CVE-2023-20605

CVE-2023-20605

Description

In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07550104; Issue ID: ALPS07550104.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An out-of-bounds read in keyinstall on MediaTek chipsets allows local information disclosure with System privileges, without user interaction.

Vulnerability

In MediaTek's keyinstall component, a missing bounds check leads to an out-of-bounds read vulnerability. This affects multiple MediaTek chipsets as listed in the February 2023 security bulletin [1]. The exact version range is not specified, but patches are available via ALPS07550104.

Exploitation

An attacker with System execution privileges can exploit this without user interaction. No additional authentication or network access is required; the vulnerability is local.

Impact

Successful exploitation leads to local information disclosure, potentially exposing sensitive data. The attacker gains no escalation beyond System privileges, but can read out-of-bounds memory.

Mitigation

MediaTek has released a security patch identified as ALPS07550104, included in the February 2023 bulletin [1]. Device OEMs are advised to apply the patch. No workaround is published. The vulnerability is not listed in CISA KEV as of the bulletin date.

References
  1. February 2023

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Mediatek/keyInstallllm-fuzzy
  • MediaTek, Inc./MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797v5
    Range: Android 11.0, 12.0, 13.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.