CVE-2023-20639

Vulnerability

In the ril (Radio Interface Layer) component of MediaTek chipsets, an out-of-bounds write vulnerability exists due to a missing bounds check. This flaw is present in software versions affected by the March 2023 security bulletin (Patch ID: ALPS07628587). The vulnerability requires System execution privileges to be reachable, and no user interaction is needed for exploitation [1].

Exploitation

An attacker with System execution privileges can trigger the out-of-bounds write by sending crafted input to the ril component. The missing bounds check allows writing beyond the allocated buffer, potentially corrupting memory. User interaction is not required, and the attack can be performed locally [1].

Impact

Successful exploitation could lead to local escalation of privilege, allowing the attacker to gain higher privileges (e.g., kernel-level access) and potentially execute arbitrary code. The impact is limited to devices with MediaTek chipsets that include the vulnerable ril component [1].

Mitigation

MediaTek has released a security patch (ALPS07628587) as part of the March 2023 Product Security Bulletin. Device OEMs have been notified and are expected to incorporate the fix into their firmware updates. Users should apply updates from their device manufacturer when available [1].