CVE-2023-20742

Vulnerability

An out-of-bounds read vulnerability exists in the ril component of multiple MediaTek chipsets. The issue is due to a missing bounds check, as referenced in CVE-2023-20742 [1]. Affected chipsets include MT6789, MT6835, MT6855, MT6879, MT6886, MT6895, MT6983, MT6985, MT8168, MT8365, MT8695, MT8766, MT8768, MT8781, MT8786, MT8789, MT8791T, and others [1]. The vulnerability is present in software versions prior to the patch identified as ALPS07628591 [1].

Exploitation

Exploitation requires System execution privileges, meaning an attacker must already have elevated access to the affected device's system [1]. User interaction is not needed for exploitation [1]. The attacker can trigger the out-of-bounds read by sending a crafted input to the ril component, which fails to validate bounds before performing a memory read operation [1].

Impact

Successful exploitation leads to local information disclosure [1]. An attacker with System privileges can read sensitive data from memory beyond the intended buffer, potentially leaking user or system information [1]. The scope is limited to information disclosure; no arbitrary code execution or privilege escalation is gained beyond the System level already held [1].

Mitigation

MediaTek has released a security patch for this vulnerability, identified as Patch ID: ALPS07628591 [1]. The fix is included in the June 2023 Product Security Bulletin [1]. Device OEMs have been notified and are expected to distribute the patch to end users [1]. Users should apply the security update from their device manufacturer as soon as it becomes available [1].