CVE-2023-20698
Description
In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07589144; Issue ID: ALPS07589144.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Out-of-bounds read in MediaTek keyinstall allows local disclosure of sensitive information with System privileges.
Vulnerability
In the keyinstall component on MediaTek chipsets, an out-of-bounds read vulnerability exists due to a missing bounds check. This flaw affects devices built with chipsets such as MT2731, MT2735, MT2737, MT6580, MT6739, MT6761, MT6762, MT6765, MT6767, MT6768, MT6769, MT6771, MT6779, MT6781, MT6783, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6880, and others listed in [1]. The affected patch ID is ALPS07589144 and issue ID is ALPS07589144 [1]. No user interaction is required for exploitation.
Exploitation
An attacker must already have System execution privileges on the device. With that level of access, the attacker can trigger the missing bounds check, leading to an out-of-bounds read. No further user interaction is needed [1].
Impact
Successful exploitation leads to local information disclosure of sensitive data that resides within the memory space accessible via the out-of-bounds read. The attacker gains additional knowledge that they would not normally have, but does not escalate privileges beyond the already held System level [1].
Mitigation
MediaTek has released a security patch (ALPS07589144) to device OEMs at least two months prior to the publication date of May 5, 2023 [1]. Device vendors should incorporate this patch into their firmware updates. Users should apply any available updates from their device manufacturer. No workaround is mentioned [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- MediaTek, Inc./MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797v5Range: Android 11.0, 12.0, 13.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.