March 2023 Product Security Bulletin

Published 2023-03-06
The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform and OTT chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.

The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).


Summary

Severity CVEs
High CVE-2023-20620, CVE-2023-20621, CVE-2023-20623
Medium CVE-2023-20624, CVE-2023-20625, CVE-2023-20626, CVE-2023-20627, CVE-2023-20628, CVE-2023-20630, CVE-2023-20632, CVE-2023-20633, CVE-2023-20634, CVE-2023-20635, CVE-2023-20636, CVE-2023-20637, CVE-2023-20638, CVE-2023-20639, CVE-2023-20640, CVE-2023-20641, CVE-2023-20642, CVE-2023-20643, CVE-2023-20644, CVE-2023-20645, CVE-2023-20646, CVE-2023-20647, CVE-2023-20648, CVE-2023-20649, CVE-2023-20650, CVE-2023-20651


Details

CVE CVE-2023-20620
Title Time-of-check time-of-use (toctou) race condition in adsp
Severity High
Vulnerability Type EoP
CWE CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Description In adsp, there is a possible escalation of privilege due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6879, MT6895, MT6983
Affected Software Versions Android 12.0, 13.0

CVE CVE-2023-20621
Title Improper input validation in tinysys
Severity High
Vulnerability Type EoP
CWE CWE-20 Improper Input Validation
Description In tinysys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6739, MT6761, MT6762, MT6765, MT6771, MT6789, MT6879, MT6883, MT6885, MT6893, MT6895, MT6983
Affected Software Versions Android 10.0, 11.0, 12.0, 13.0

CVE CVE-2023-20623
Title Time-of-check time-of-use (toctou) race condition in ion
Severity High
Vulnerability Type EoP
CWE CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Description In ion, there is a possible escalation of privilege due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6580, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8173, MT8532, MT8666, MT8667, MT8788
Affected Software Versions Android 10.0, 11.0, 12.0 or Yocto 3.1, 3.3, 4.0

CVE CVE-2023-20624
Title Buffer copy without checking size of input ('classic buffer overflow') in vow
Severity Medium
Vulnerability Type EoP
CWE CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Description In vow, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6789, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6983, MT8781, MT8791, MT8791T, MT8797
Affected Software Versions Android 12.0, 13.0

CVE CVE-2023-20625
Title Improper synchronization in adsp
Severity Medium
Vulnerability Type EoP
CWE CWE-662 Improper Synchronization
Description In adsp, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6739, MT6761, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8781, MT8791, MT8791T, MT8797
Affected Software Versions Android 12.0, 13.0

CVE CVE-2023-20626
Title Improper input validation in msdc
Severity Medium
Vulnerability Type EoP
CWE CWE-20 Improper Input Validation
Description In msdc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8785, MT8789, MT8791, MT8797
Affected Software Versions Android 10.0, 11.0, 12.0

CVE CVE-2023-20627
Title Incorrect calculation of buffer size in pqframework
Severity Medium
Vulnerability Type EoP
CWE CWE-131 Incorrect Calculation of Buffer Size
Description In pqframework, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6879, MT6895, MT6983, MT8167, MT8168
Affected Software Versions Android 12.0, 13.0

CVE CVE-2023-20628
Title Improper check or handling of exceptional conditions in thermal
Severity Medium
Vulnerability Type EoP
CWE CWE-703 Improper Check or Handling of Exceptional Conditions
Description In thermal, there is a possible memory corruption due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6580, MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8167, MT8167S, MT8168, MT8175, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
Affected Software Versions Android 12.0, 13.0

CVE CVE-2023-20630
Title Out-of-bounds write in usb
Severity Medium
Vulnerability Type EoP
CWE CWE-787 Out-of-bounds Write
Description In usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6580, MT6735, MT6739, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6885, MT6893, MT6895, MT6983, MT8167, MT8168, MT8666, MT8675
Affected Software Versions Android 11.0, 12.0, 13.0

CVE CVE-2023-20632
Title Out-of-bounds write in usb
Severity Medium
Vulnerability Type EoP
CWE CWE-787 Out-of-bounds Write
Description In usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6580, MT6735, MT6739, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6885, MT6893, MT6895, MT6983, MT8167, MT8168, MT8666, MT8675
Affected Software Versions Android 11.0, 12.0, 13.0

CVE CVE-2023-20633
Title Improper validation of array index in usb
Severity Medium
Vulnerability Type EoP
CWE CWE-129 Improper Validation of Array Index
Description In usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6580, MT6735, MT6739, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6885, MT6893, MT6895, MT6983, MT8167, MT8168, MT8666, MT8675
Affected Software Versions Android 11.0, 12.0, 13.0

CVE CVE-2023-20634
Title Improper input validation in widevine
Severity Medium
Vulnerability Type EoP
CWE CWE-20 Improper Input Validation
Description In widevine, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8768, MT8786, MT8788, MT8789, MT8797
Affected Software Versions Android 11.0, 12.0

CVE CVE-2023-20635
Title Integer underflow (wrap or wraparound) in keyinstall
Severity Medium
Vulnerability Type ID
CWE CWE-191 Integer Underflow (Wrap or Wraparound)
Description In keyinstall, there is a possible information disclosure due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions Android 10.0, 11.0, 12.0, 13.0

CVE CVE-2023-20636
Title Improper input validation in display drm
Severity Medium
Vulnerability Type EoP
CWE CWE-20 Improper Input Validation
Description In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6895, MT6985, MT8168, MT8781
Affected Software Versions Android 12.0, 13.0

CVE CVE-2023-20637
Title Improper input validation in ril
Severity Medium
Vulnerability Type EoP
CWE CWE-20 Improper Input Validation
Description In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6879, MT6895, MT6983, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
Affected Software Versions Android 12.0, 13.0

CVE CVE-2023-20638
Title Improper input validation in ril
Severity Medium
Vulnerability Type EoP
CWE CWE-20 Improper Input Validation
Description In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6739, MT6753, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
Affected Software Versions Android 12.0, 13.0

CVE CVE-2023-20639
Title Improper input validation in ril
Severity Medium
Vulnerability Type EoP
CWE CWE-20 Improper Input Validation
Description In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6879, MT6895, MT6983, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
Affected Software Versions Android 12.0, 13.0

CVE CVE-2023-20640
Title Improper input validation in ril
Severity Medium
Vulnerability Type EoP
CWE CWE-20 Improper Input Validation
Description In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6879, MT6895, MT6983, MT8791, MT8791T, MT8797
Affected Software Versions Android 12.0, 13.0

CVE CVE-2023-20641
Title Improper input validation in ril
Severity Medium
Vulnerability Type EoP
CWE CWE-20 Improper Input Validation
Description In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6879, MT6895, MT6983, MT8791, MT8791T, MT8797
Affected Software Versions Android 12.0, 13.0

CVE CVE-2023-20642
Title Improper input validation in ril
Severity Medium
Vulnerability Type EoP
CWE CWE-20 Improper Input Validation
Description In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6879, MT6895, MT6983, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
Affected Software Versions Android 12.0, 13.0

CVE CVE-2023-20643
Title Improper input validation in ril
Severity Medium
Vulnerability Type EoP
CWE CWE-20 Improper Input Validation
Description In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6739, MT6761, MT6762, MT6765, MT6768, MT6769, MT6781, MT6785, MT6833, MT6853, MT6873, MT6875, MT6877, MT6891, MT6893, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
Affected Software Versions Android 12.0, 13.0

CVE CVE-2023-20644
Title Improper input validation in ril
Severity Medium
Vulnerability Type ID
CWE CWE-20 Improper Input Validation
Description In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
Affected Software Versions Android 12.0, 13.0

CVE CVE-2023-20645
Title Improper input validation in ril
Severity Medium
Vulnerability Type ID
CWE CWE-20 Improper Input Validation
Description In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6739, MT6761, MT6762, MT6763, MT6765, MT6769, MT6771, MT6779, MT6785, MT6789, MT6873, MT6875, MT6877, MT6879, MT6895, MT6983, MT8791, MT8791T, MT8797
Affected Software Versions Android 12.0, 13.0

CVE CVE-2023-20646
Title Improper input validation in ril
Severity Medium
Vulnerability Type ID
CWE CWE-20 Improper Input Validation
Description In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
Affected Software Versions Android 12.0, 13.0

CVE CVE-2023-20647
Title Improper input validation in ril
Severity Medium
Vulnerability Type ID
CWE CWE-20 Improper Input Validation
Description In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6739, MT6761, MT6762, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions Android 12.0, 13.0

CVE CVE-2023-20648
Title Improper input validation in ril
Severity Medium
Vulnerability Type ID
CWE CWE-20 Improper Input Validation
Description In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions Android 12.0, 13.0

CVE CVE-2023-20649
Title Improper input validation in ril
Severity Medium
Vulnerability Type ID
CWE CWE-20 Improper Input Validation
Description In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
Affected Software Versions Android 12.0, 13.0

CVE CVE-2023-20650
Title Improper input validation in apu
Severity Medium
Vulnerability Type EoP
CWE CWE-20 Improper Input Validation
Description In apu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983
Affected Software Versions Android 12.0, 13.0

CVE CVE-2023-20651
Title Improper input validation in apu
Severity Medium
Vulnerability Type ID
CWE CWE-20 Improper Input Validation
Description In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6853, MT6853T, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8195Z
Affected Software Versions Android 12.0, 13.0


Vulnerability Type Definition

Abbreviation Definition
RCE Remote Code Execution
EoP Elevation of Privilege
ID Information Disclosure
DoS Denial of Service
N/A Classification not available


Versions

Version Date Description
1.0 March 6, 2023 Bulletin published.


Notes

Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.

If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.