VYPR
← All advisories
Unrated severityNVD Advisory· Published Mar 7, 2023· Updated Mar 6, 2025

CVE-2023-20643

CVE-2023-20643

Description

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628584; Issue ID: ALPS07628584.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In MediaTek ril, a missing bounds check allows local out-of-bounds write, leading to privilege escalation with System execution privileges.

Vulnerability

In the MediaTek radio interface layer (ril), a missing bounds check on an input buffer leads to an out-of-bounds write. This vulnerability affects multiple MediaTek chipsets as listed in the March 2023 Product Security Bulletin [1]. The exact affected software versions are not publicly detailed, but the bulletin indicates that patches have been provided to device OEMs.

Exploitation

An attacker must already possess System execution privileges on the device. No user interaction is required. The attacker can trigger the out-of-bounds write by sending a crafted input to the ril component, exploiting the missing bounds check to write beyond the allocated buffer.

Impact

Successful exploitation results in local escalation of privilege. The out-of-bounds write can corrupt kernel memory or other critical structures, potentially allowing the attacker to gain higher privileges or execute arbitrary code in a privileged context.

Mitigation

MediaTek released a patch (ALPS07628584) to address this issue. Device OEMs have been notified and are expected to deploy the fix via security updates. Users should apply the latest firmware updates from their device manufacturer. As of March 2023, the patch is available [1].

References
  1. March 2023

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Samsung Mobile/RILllm-fuzzy
  • MediaTek, Inc./MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6781, MT6785, MT6833, MT6853, MT6873, MT6875, MT6877, MT6891, MT6893, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797v5
    Range: Android 12.0, 13.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.