VYPR
← All advisories
Unrated severityNVD Advisory· Published Mar 7, 2023· Updated Mar 5, 2025

CVE-2023-20649

CVE-2023-20649

Description

In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628607; Issue ID: ALPS07628607.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A missing bounds check in MediaTek ril allows local information disclosure with System privileges.

Vulnerability

In the Radio Interface Layer (ril) component of MediaTek chipsets, a missing bounds check leads to an out-of-bounds read vulnerability. This issue affects multiple MediaTek platforms, including those listed in the March 2023 Product Security Bulletin [1]. The vulnerability requires System execution privileges to be exploited.

Exploitation

An attacker with System execution privileges can trigger the out-of-bounds read without any user interaction. The exact sequence involves invoking a vulnerable function in the ril component that fails to validate input boundaries, allowing the attacker to read memory beyond the intended buffer.

Impact

Successful exploitation results in local information disclosure. The attacker can read sensitive data from kernel or device memory, potentially compromising confidentiality of system or user information.

Mitigation

MediaTek has released a patch identified as ALPS07628607, included in the March 2023 Product Security Bulletin [1]. Device OEMs have been notified and are expected to distribute the fix to end users. Users should apply the latest security updates from their device manufacturer.

References
  1. March 2023

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Samsung Mobile/RILllm-fuzzy
  • MediaTek, Inc./MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797v5
    Range: Android 12.0, 13.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.