CVE-2023-20606

Vulnerability

CVE-2023-20606 is an out-of-bounds read vulnerability in the apusys driver of MediaTek chipsets. The flaw exists due to a missing bounds check, allowing an attacker to read memory beyond the intended buffer. The affected software versions include those listed in the MediaTek February 2023 Product Security Bulletin, covering chipsets such as MT6735, MT6737, MT6739, MT6753, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6885, MT6889, MT6893, MT6895, and MT6983 [1]. The vulnerability is rated Medium severity with a CVSS v3.1 score not explicitly provided but implied by the bulletin's severity classification.

Exploitation

Exploitation requires the attacker to have System execution privileges on the device. No user interaction is needed. The attacker can trigger the out-of-bounds read by sending a crafted request to the apusys driver, which fails to validate the size of the input, leading to reading memory outside the allocated buffer. The exact sequence of steps is not publicly detailed, but the condition is reachable from a privileged context.

Impact

Successful exploitation leads to local information disclosure. An attacker with System privileges can read sensitive kernel memory, potentially exposing cryptographic keys, passwords, or other confidential data. The impact is limited to confidentiality, as the vulnerability does not allow write access or code execution.

Mitigation

MediaTek has released a patch identified as ALPS07571104 to address this vulnerability. The patch is included in the February 2023 Product Security Bulletin [1]. Device OEMs have been notified and are expected to deploy the fix in their firmware updates. Users should apply updates from their device manufacturer as soon as they become available. No workaround is documented.