VYPR
← All advisories
Unrated severityNVD Advisory· Published Mar 7, 2023· Updated Mar 5, 2025

CVE-2023-20646

CVE-2023-20646

Description

In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628536; Issue ID: ALPS07628536.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In ril, a missing bounds check leads to out-of-bounds read and local information disclosure with System privileges.

Vulnerability

The vulnerability exists in the ril component of MediaTek chipsets. A missing bounds check leads to an out-of-bounds read. Affected versions include chipsets such as MT6879, MT6895, MT6983 and others listed in the bulletin [1]. System execution privileges are required to trigger the vulnerable code path.

Exploitation

An attacker with System execution privileges can exploit this vulnerability without user interaction. The attacker needs to trigger the out-of-bounds read, likely by providing crafted input to the ril component.

Impact

Successful exploitation leads to local information disclosure, potentially exposing sensitive data. The attacker gains information disclosure at the System privilege level.

Mitigation

MediaTek has released a patch (ALPS07628536) as part of the March 2023 security bulletin [1]. Device OEMs are notified and updates should be applied. No workarounds are mentioned.

References
  1. March 2023

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Samsung Mobile/RILllm-fuzzy
  • MediaTek, Inc./MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797v5
    Range: Android 12.0, 13.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.