CVE-2023-20653
Description
In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589144.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In keyinstall on MediaTek chipsets, a missing bounds check allows a local attacker with System privileges to write out of bounds, leading to escalation of privilege.
Vulnerability
In the keyinstall component on multiple MediaTek chipsets, there is a possible out-of-bounds write due to a missing bounds check. This vulnerability, identified as CVE-2023-20653, is present in the affected chipset versions listed in the MediaTek product security bulletin for April 2023. Patches are referenced as ALPS07628168 and ALPS07589144. [1]
Exploitation
An attacker must already have System execution privileges to exploit this vulnerability. No user interaction is required. The lack of a bounds check allows the attacker to write beyond the allocated buffer, making the exploitation achievable with local access. [1]
Impact
Successful exploitation leads to local escalation of privilege, allowing the attacker to gain higher privileges or perform unauthorized operations within the System context. This could result in complete compromise of the device's security. [1]
Mitigation
MediaTek has released security patches for this issue as part of the April 2023 Product Security Bulletin. Device OEMs were notified at least two months before publication and are expected to provide updates to end users. Users should apply the patches from their device manufacturer. No workarounds are available if the patch is not yet applied. [1]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- MediaTek, Inc./MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8192, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8871, MT8891v5Range: Android 10.0, 11.0, 12.0, 13.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.