VYPR
← All advisories
Unrated severityNVD Advisory· Published Jul 4, 2023· Updated Dec 4, 2024

CVE-2023-20755

CVE-2023-20755

Description

In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07510064; Issue ID: ALPS07509605.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Integer overflow in keyinstall on MediaTek chipsets leads to out-of-bounds write, enabling local privilege escalation to System.

Vulnerability

In keyinstall, an integer overflow (CWE-190) occurs, leading to an out-of-bounds write. This vulnerability affects a wide range of MediaTek chipsets, including MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, and others [1]. The bug is reachable with System execution privileges and requires no user interaction.

Exploitation

An attacker with System execution privileges can trigger the integer overflow to perform an out-of-bounds write. No user interaction is needed for exploitation. The exact sequence of steps is not publicly detailed, but the overflow allows a controlled write beyond the intended buffer boundaries.

Impact

Successful exploitation results in local escalation of privilege within the System context. The out-of-bounds write can corrupt memory, potentially leading to arbitrary code execution at elevated privileges, compromising the confidentiality, integrity, and availability of the device.

Mitigation

MediaTek has provided a patch (ALPS07510064) as part of the July 2023 Product Security Bulletin [1]. Device OEMs have been notified and are expected to distribute the fix. Users should apply security updates from their device manufacturer as soon as they become available. No workaround is documented.

References
  1. July 2023

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Mediatek/keyInstallllm-fuzzy
  • MediaTek, Inc./MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8667, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797v5
    Range: Android 11.0, 12.0, 13.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.