VYPR
← All advisories
Unrated severityNVD Advisory· Published May 15, 2023· Updated Jan 23, 2025

CVE-2023-20697

CVE-2023-20697

Description

In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07589148; Issue ID: ALPS07589148.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In keyinstall on MediaTek chipsets, an out-of-bounds read allows local attackers with System privileges to disclose sensitive information.

Vulnerability

The vulnerability resides in the keyinstall component on MediaTek chipsets. A missing bounds check leads to an out-of-bounds read condition. This affects a wide range of MediaTek chipsets, including MT2731, MT6580, MT6761, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6873, MT6877, MT6880, and others as listed in the May 2023 MediaTek security bulletin [1]. Exploitation requires System execution privileges.

Exploitation

An attacker must have local access with System execution privileges to exploit this vulnerability. User interaction is not required. The attacker can trigger the out-of-bounds read by sending a crafted request to the keyinstall component, leading to memory disclosure.

Impact

Successful exploitation results in local information disclosure. The attacker can read out-of-bounds memory, potentially leaking sensitive data such as cryptographic keys or other confidential information stored in memory.

Mitigation

The fix is included in the May 2023 MediaTek security bulletin [1]. The patch ID is ALPS07589148. Device OEMs have been notified and are expected to deploy updates. Users should apply the latest security updates from their device manufacturer to mitigate this vulnerability.

References
  1. May 2023

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Mediatek/keyInstallllm-fuzzy
  • MediaTek, Inc./MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797v5
    Range: Android 11.0, 12.0, 13.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.