VYPR
← All advisories
Unrated severityNVD Advisory· Published Mar 7, 2023· Updated Mar 5, 2025

CVE-2023-20648

CVE-2023-20648

Description

In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628612; Issue ID: ALPS07628612.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An out-of-bounds read in MediaTek's RIL component allows local information disclosure with System privileges, no user interaction required.

Vulnerability

In the Radio Interface Layer (RIL) component of MediaTek chipsets, a missing bounds check leads to an out-of-bounds read. This vulnerability affects devices running affected software versions as listed in the March 2023 MediaTek Product Security Bulletin [1]. The issue is identified by Patch ID ALPS07628612.

Exploitation

An attacker must have System execution privileges on the device. No user interaction is required. The attacker can trigger the out-of-bounds read by sending a crafted request to the RIL component, bypassing the missing bounds check.

Impact

Successful exploitation results in local information disclosure, potentially exposing sensitive data from kernel memory. The attacker gains access to information that should be protected, with System-level privileges.

Mitigation

MediaTek has released a patch (ALPS07628612) which is included in the March 2023 security bulletin [1]. Device OEMs have been notified and are expected to deploy the fix via firmware updates. Users should apply the latest security updates from their device manufacturer.

References
  1. March 2023

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Samsung Mobile/RILllm-fuzzy
  • MediaTek, Inc./MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797v5
    Range: Android 12.0, 13.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.