VYPR
← All advisories
Unrated severityNVD Advisory· Published Apr 6, 2023· Updated Feb 13, 2025

CVE-2023-20665

CVE-2023-20665

Description

In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628604; Issue ID: ALPS07628604.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Out-of-bounds read in MediaTek ril component allows local information disclosure with System privileges.

Vulnerability

In the ril (Radio Interface Layer) component of MediaTek chipsets, there is a possible out-of-bounds read due to a missing bounds check. This affects various MediaTek chipsets (e.g., MT6580, MT6731, etc.) as listed in the April 2023 bulletin [1]. The vulnerability requires System execution privileges.

Exploitation

An attacker with System execution privileges can trigger an out-of-bounds read by sending a crafted input to the ril component. No user interaction is needed. The exact sequence is not detailed in the available references.

Impact

Successful exploitation leads to local information disclosure, potentially exposing sensitive data from memory. The impact is limited to information disclosure; privilege escalation is not indicated.

Mitigation

MediaTek has released a patch (ALPS07628604) as part of the April 2023 Product Security Bulletin. Device OEMs were notified at least two months prior. Users should apply the update from their device manufacturer.

References
  1. April 2023

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Samsung Mobile/RILllm-fuzzy
  • MediaTek, Inc./MT6739, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8321, MT8365, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798v5
    Range: Android 12.0, 13.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.