VYPR
← All advisories
Unrated severityNVD Advisory· Published Mar 7, 2023· Updated Mar 6, 2025

CVE-2023-20642

CVE-2023-20642

Description

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628586; Issue ID: ALPS07628586.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Out-of-bounds write in MediaTek ril leads to local escalation of privilege with System privileges required.

Vulnerability

In the RIL (Radio Interface Layer) of MediaTek chipsets, there is an out-of-bounds write vulnerability due to a missing bounds check. This affects unspecified versions; the patch ID is ALPS07628586. The vulnerability is present in the ril component and requires System execution privileges to trigger. [1]

Exploitation

An attacker with System execution privileges can exploit this by sending crafted input that bypasses bounds checking, leading to an out-of-bounds write. No user interaction is needed. The exact attack vector is not detailed in available references. [1]

Impact

Successful exploitation could lead to local escalation of privilege, potentially allowing the attacker to gain higher privileges or execute arbitrary code within the System context. The impact is limited to devices with MediaTek chipsets. [1]

Mitigation

MediaTek has released a security patch (ALPS07628586) as part of the March 2023 Product Security Bulletin. Device OEMs have been notified and are expected to deploy the fix. Users should apply updates from their device manufacturer. [1]

References
  1. March 2023

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Samsung Mobile/RILllm-fuzzy
  • MediaTek, Inc./MT6879, MT6895, MT6983, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797v5
    Range: Android 12.0, 13.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.