CVE-2023-20654
Description
In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589148.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2023-20654: A missing bounds check in keyinstall allows out-of-bounds write, enabling local escalation of privilege with System privileges.
Vulnerability
In the keyinstall component of MediaTek chipsets, a missing bounds check leads to a possible out-of-bounds write. The vulnerability affects devices running Android with MediaTek chipsets and requires System execution privileges to be exploited. The issue is identified by Patch ID: ALPS07628168 and Issue ID: ALPS07589148. Affected chipsets include MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, and others, as detailed in the MediaTek Product Security Bulletin [1].
Exploitation
An attacker with System execution privileges can trigger the out-of-bounds write without any user interaction. This means that an already-privileged process or a local attacker who gains System-level access can exploit the vulnerability. The exploitation does not require network access or any special permissions beyond System privileges.
Impact
Successful exploitation leads to local escalation of privilege (EoP) within the System context. The out-of-bounds write could allow the attacker to corrupt memory, potentially leading to arbitrary code execution at the System level, which could result in full compromise of the device's security mechanisms.
Mitigation
MediaTek has released security patches addressing this vulnerability as part of the April 2023 Product Security Bulletin. Device OEMs are expected to provide these patches in their monthly firmware updates. Users should apply the latest security updates from their device manufacturer. No workarounds are available beyond patching.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- MediaTek, Inc./MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8192, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8871, MT8891 v5
  Range: Android 10.0, 11.0, 12.0, 13.0
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.