CVE-2023-20718
https://notcve.org/view.php?id=CVE-2023-20718
In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645181; Issue ID: ALPS07645181. • https://corp.mediatek.com/product-security-bulletin/May-2023 • CWE-20: Improper Input Validation •
CVE-2023-20717
https://notcve.org/view.php?id=CVE-2023-20717
In vcu, there is a possible leak of dma buffer due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645185; Issue ID: ALPS07645185. • https://corp.mediatek.com/product-security-bulletin/May-2023 •
CVE-2022-44419
https://notcve.org/view.php?id=CVE-2022-44419
In modem, there is a possible missing verification of NAS Security Mode Command Replay Attacks in LTE. This could local denial of service with no additional execution privileges. • https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761 •
CVE-2022-44420
https://notcve.org/view.php?id=CVE-2022-44420
In modem, there is a possible missing verification of HashMME value in Security Mode Command. This could local denial of service with no additional execution privileges. • https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761 • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2022-47485
https://notcve.org/view.php?id=CVE-2022-47485
In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. • https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761 • CWE-787: Out-of-bounds Write •