VYPR
← All advisories
Unrated severityNVD Advisory· Published Mar 7, 2023· Updated Mar 6, 2025

CVE-2023-20644

CVE-2023-20644

Description

In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628603; Issue ID: ALPS07628603.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Out-of-bounds read in MediaTek ril component allows local information disclosure with System privileges, no user interaction.

Vulnerability

In the ril component of MediaTek chipsets, there is a possible out-of-bounds read due to a missing bounds check [1]. This affects software versions covered in ALPS07628603 as per the March 2023 MediaTek bulletin [1]. The vulnerability requires System execution privileges and no user interaction.

Exploitation

An attacker with System execution privileges can trigger the out-of-bounds read by sending a crafted request to the ril component [1]. No user interaction is required, and the attack is local.

Impact

Successful exploitation leads to information disclosure, allowing the attacker to read sensitive data from memory [1]. The disclosure is limited to the privileges of the System process.

Mitigation

MediaTek has released a security patch identified as ALPS07628603 [1]. Device OEMs were notified at least two months before publication on March 6, 2023. Users should apply the patch from their device manufacturer.

References
  1. March 2023

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Samsung Mobile/RILllm-fuzzy
  • MediaTek, Inc./MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797v5
    Range: Android 12.0, 13.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.