May 2023 Product Security Bulletin

Published 2023-05-05
The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT and TV chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.

The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).


Summary

Severity CVEs
High CVE-2023-20726, CVE-2023-20694, CVE-2023-20695, CVE-2023-20696, CVE-2023-20697, CVE-2023-20698, CVE-2023-20699
Medium CVE-2023-20700, CVE-2023-20701, CVE-2023-20703, CVE-2023-20704, CVE-2023-20705, CVE-2023-20706, CVE-2023-20707, CVE-2023-20708, CVE-2023-20709, CVE-2023-20710, CVE-2023-20711, CVE-2023-20717, CVE-2023-20718, CVE-2023-20719, CVE-2023-20720, CVE-2023-20721, CVE-2023-20722, CVE-2023-20673


Details

CVE CVE-2023-20726
Title Improper access control in mnld
Severity High
Vulnerability Type ID
CWE CWE-284 Improper Access Control
Description In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT2731, MT2735, MT2737, MT6580, MT6739, MT6761, MT6762, MT6765, MT6767, MT6768, MT6769, MT6771, MT6779, MT6781, MT6783, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6980, MT6980D, MT6983, MT6985, MT6990, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions Android 11.0, 12.0, 13.0 / OpenWrt 19.07, 21.02 / Yocto 2.6, 3.3 / RDKB 2022Q3

CVE CVE-2023-20694
Title Improper input validation in preloader
Severity High
Vulnerability Type EoP
CWE CWE-20 Improper Input Validation
Description In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6580, MT6739, MT6761, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6789, MT6853, MT6855, MT6873, MT6879, MT6880, MT6885, MT6890, MT6895, MT6983, MT8167, MT8175, MT8185, MT8195, MT8321, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions Android 12.0, 13.0 / OpenWrt 19.07, 21.02

CVE CVE-2023-20695
Title Improper input validation in preloader
Severity High
Vulnerability Type EoP
CWE CWE-20 Improper Input Validation
Description In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6835, MT6880, MT6886, MT6890, MT6980, MT6985, MT6990, MT8167, MT8175, MT8185, MT8195, MT8321, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions Android 13.0 / OpenWrt 19.07, 21.02

CVE CVE-2023-20696
Title Improper input validation in preloader
Severity High
Vulnerability Type EoP
CWE CWE-20 Improper Input Validation
Description In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6880, MT6890, MT8167, MT8175, MT8185, MT8195, MT8321, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions Android 13.0 / OpenWrt 19.07, 21.02

CVE CVE-2023-20697
Title Improper input validation in keyinstall
Severity High
Vulnerability Type ID
CWE CWE-20 Improper Input Validation
Description In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions Android 11.0, 12.0, 13.0

CVE CVE-2023-20698
Title Improper input validation in keyinstall
Severity High
Vulnerability Type ID
CWE CWE-20 Improper Input Validation
Description In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions Android 11.0, 12.0, 13.0

CVE CVE-2023-20699
Title Improper input validation in adsp
Severity High
Vulnerability Type EoP
CWE CWE-20 Improper Input Validation
Description In adsp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6895, MT6983, MT8781, MT8791, MT8791T, MT8797
Affected Software Versions Android 12.0, 13.0

CVE CVE-2023-20700
Title Out-of-bounds write in widevine
Severity Medium
Vulnerability Type EoP
CWE CWE-787 Out-of-bounds Write
Description In widevine, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8768, MT8786, MT8788, MT8789, MT8797
Affected Software Versions Android 11.0, 12.0

CVE CVE-2023-20701
Title Out-of-bounds write in widevine
Severity Medium
Vulnerability Type EoP
CWE CWE-787 Out-of-bounds Write
Description In widevine, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8768, MT8786, MT8788, MT8789, MT8797
Affected Software Versions Android 11.0, 12.0

CVE CVE-2023-20703
Title Improper input validation in apu
Severity Medium
Vulnerability Type ID
CWE CWE-20 Improper Input Validation
Description In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8183, MT8195
Affected Software Versions Android 12.0, 13.0

CVE CVE-2023-20704
Title Improper input validation in apu
Severity Medium
Vulnerability Type ID
CWE CWE-20 Improper Input Validation
Description In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8183, MT8195
Affected Software Versions Android 12.0, 13.0

CVE CVE-2023-20705
Title Improper input validation in apu
Severity Medium
Vulnerability Type ID
CWE CWE-20 Improper Input Validation
Description In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8183, MT8195
Affected Software Versions Android 12.0, 13.0

CVE CVE-2023-20706
Title Improper input validation in apu
Severity Medium
Vulnerability Type ID
CWE CWE-20 Improper Input Validation
Description In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8183, MT8195
Affected Software Versions Android 12.0, 13.0

CVE CVE-2023-20707
Title Improper input validation in ril
Severity Medium
Vulnerability Type EoP
CWE CWE-20 Improper Input Validation
Description In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797
Affected Software Versions Android 12.0, 13.0

CVE CVE-2023-20708
Title Improper input validation in keyinstall
Severity Medium
Vulnerability Type EoP
CWE CWE-20 Improper Input Validation
Description In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions Android 11.0, 12.0, 13.0

CVE CVE-2023-20709
Title Improper input validation in keyinstall
Severity Medium
Vulnerability Type ID
CWE CWE-20 Improper Input Validation
Description In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions Android 11.0, 12.0, 13.0

CVE CVE-2023-20710
Title Improper input validation in keyinstall
Severity Medium
Vulnerability Type ID
CWE CWE-20 Improper Input Validation
Description In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions Android 11.0, 12.0, 13.0

CVE CVE-2023-20711
Title Improper input validation in keyinstall
Severity Medium
Vulnerability Type ID
CWE CWE-20 Improper Input Validation
Description In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8667, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797
Affected Software Versions Android 11.0, 12.0, 13.0

CVE CVE-2023-20717
Title Exposure of sensitive information to an unauthorized actor in vcu
Severity Medium
Vulnerability Type ID
CWE CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Description In vcu, there is a possible leak of dma buffer due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8175, MT8365, MT8786, MT8789, MT8791T, MT8797
Affected Software Versions Android 11.0, 12.0, 13.0

CVE CVE-2023-20718
Title Improper input validation in vcu
Severity Medium
Vulnerability Type EoP
CWE CWE-20 Improper Input Validation
Description In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8175, MT8195, MT8365, MT8395, MT8673, MT8781, MT8786, MT8789, MT8791T, MT8797
Affected Software Versions Android 11.0, 12.0, 13.0 / Iot-Yocto 22.2 (Yocto 4.0)

CVE CVE-2023-20719
Title Improper input validation in pqframework
Severity Medium
Vulnerability Type ID
CWE CWE-20 Improper Input Validation
Description In pqframework, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6580, MT6739, MT6761, MT6765, MT6768, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT6985, MT8167, MT8168, MT8195, MT8673
Affected Software Versions Android 12.0, 13.0

CVE CVE-2023-20720
Title Improper input validation in pqframework
Severity Medium
Vulnerability Type EoP
CWE CWE-20 Improper Input Validation
Description In pqframework, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6895, MT6983, MT8167, MT8168, MT8195, MT8673
Affected Software Versions Android 12.0, 13.0

CVE CVE-2023-20721
Title Improper input validation in isp
Severity Medium
Vulnerability Type EoP
CWE CWE-20 Improper Input Validation
Description In isp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6879, MT6895, MT6983, MT8195, MT8395, MT8673
Affected Software Versions Android 12.0, 13.0 / Iot-Yocto 22.2 (Yocto 4.0)

CVE CVE-2023-20722
Title Improper input validation in m4u
Severity Medium
Vulnerability Type EoP
CWE CWE-20 Improper Input Validation
Description In m4u, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT6765, MT6768, MT8768
Affected Software Versions Android 12.0, 13.0

CVE CVE-2023-20673
Title Incorrect comparison in vcu
Severity Medium
Vulnerability Type EoP
CWE CWE-697 Incorrect Comparison
Description In vcu, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets MT5696, MT5836, MT5838, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8185, MT8195, MT8395, MT8781, MT8786, MT8789, MT8791, MT8797, MT9000, MT9023, MT9025, MT9618, MT9653, MT9687, MT9689, MT9902, MT9932, MT9952, MT9972, MT9982
Affected Software Versions Android 11.0, 12.0, 13.0 / Iot-Yocto 22.2 (Yocto 4.0)


Vulnerability Type Definition

Abbreviation Definition
RCE Remote Code Execution
EoP Elevation of Privilege
ID Information Disclosure
DoS Denial of Service
N/A Classification not available


Versions

Version Date Description
1.0 May 5, 2023 Bulletin published.


Notes

Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.

If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.