CVE-2023-20638
Description
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628537; Issue ID: ALPS07628537.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing bounds check in MediaTek ril leads to out-of-bounds write and local escalation of privilege with System execution privileges.
Vulnerability
CVE-2023-20638 is an out-of-bounds write vulnerability in the ril component of MediaTek chipsets. The issue is due to a missing bounds check that allows the write operation to extend beyond an allocated buffer. Affected chipsets include MT6879, MT6895, MT6983, and others listed in the March 2023 Product Security Bulletin [1]. The vulnerability requires System execution privileges to be exploitable, and no user interaction is needed [1].
Exploitation
An attacker with System execution privileges can exploit the missing bounds check in ril to cause an out-of-bounds write. Because the ril component does not enforce the buffer's bounds, an operation invoked on it can write controlled data to a memory location beyond the intended buffer. The attack is performed locally and does not require user interaction [1].
Impact
Successful exploitation leads to local escalation of privilege (EoP) within the System context. The attacker gains the ability to write out-of-bounds, which can corrupt other memory regions, potentially leading to high-severity consequences such as arbitrary code execution or further privilege escalation over the device's system-level components [1].
Mitigation
The vulnerability is addressed in the March 2023 MediaTek Product Security Bulletin [1]. The fix is included in patch ID ALPS07628537. Device OEMs were notified at least two months before publication. Users should apply the security update for their device from the respective OEM. No workaround is available beyond applying the patch [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
MediaTek, Inc./MT6739, MT6753, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797 (v5)
Range: Android 12.0, 13.0
Patches
No patches discovered yet.
References