CVE-2023-20741
Description
In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628591; Issue ID: ALPS07628606.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An out-of-bounds read in MediaTek's ril component allows local information disclosure with System privileges.
Vulnerability
In the Radio Interface Layer (ril) component of MediaTek chipsets, an out-of-bounds read vulnerability exists due to a missing bounds check. This flaw can be triggered without user interaction and requires System execution privileges. The issue is identified by Patch ID ALPS07628591 and affects devices running vulnerable versions of the ril code as detailed in the June 2023 MediaTek Product Security Bulletin [1].
Exploitation
An attacker with System execution privileges can exploit this vulnerability by sending a crafted request to the ril component. The missing bounds check allows the attacker to read memory beyond the intended buffer, leading to information disclosure. No user interaction is required for exploitation.
Impact
Successful exploitation results in local information disclosure, potentially exposing sensitive data from kernel memory, such as credentials or other confidential information. The attacker gains access to data that should be protected, compromising confidentiality.
Mitigation
MediaTek has released a patch (ALPS07628591) as part of the June 2023 security update. Device OEMs have been notified and are expected to distribute the fix to end users. Users should apply the latest security update from their device manufacturer. No workaround is available [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- MediaTek, Inc./MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797v5Range: Android 12.0, 13.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.