VYPR
← All advisories
Unrated severityNVD Advisory· Published Feb 6, 2023· Updated Mar 26, 2025

CVE-2023-20613

CVE-2023-20613

Description

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628614; Issue ID: ALPS07628614.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Missing bounds check in ril leads to out-of-bounds write and local privilege escalation on MediaTek chipsets.

Vulnerability

In the ril component of MediaTek chipsets, a missing bounds check can lead to an out-of-bounds write. This vulnerability is present in various MediaTek chipsets as listed in the February 2023 Product Security Bulletin [1]. The exact affected software versions are not specified but the bulletin indicates that patches have been provided to OEMs.

Exploitation

To exploit this vulnerability, an attacker requires System execution privileges. No user interaction is needed. The attacker can trigger the out-of-bounds write by leveraging the missing bounds check in the ril code path.

Impact

Successful exploitation allows an attacker with System privileges to write out-of-bounds, potentially leading to local escalation of privilege within the System context. This could result in further compromise of the device.

Mitigation

MediaTek has released a patch for this issue, identified as ALPS07628614, as part of the February 2023 Product Security Bulletin [1]. Device OEMs have been notified and are expected to distribute the fix to end users. Users should apply the latest security update from their device manufacturer.

References
  1. February 2023

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Samsung Mobile/RILllm-fuzzy
  • MediaTek, Inc./MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8321, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797v5
    Range: Android 11.0, 12.0, 13.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.