CVSS: 6.7EPSS: 0%CPEs: 8EXPL: 0CVE-2023-20699
https://notcve.org/view.php?id=CVE-2023-20699
In adsp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07696073; Issue ID: ALPS07696073. • https://corp.mediatek.com/product-security-bulletin/May-2023 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 5EXPL: 0CVE-2023-20722
https://notcve.org/view.php?id=CVE-2023-20722
In m4u, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07771518; Issue ID: ALPS07680084. • https://corp.mediatek.com/product-security-bulletin/May-2023 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20930
https://notcve.org/view.php?id=CVE-2023-20930
In pushDynamicShortcut of ShortcutPackage.java, there is a possible way to get the device into a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-250576066 • https://source.android.com/security/bulletin/2023-05-01 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21118
https://notcve.org/view.php?id=CVE-2023-21118
In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-269014004 • https://source.android.com/security/bulletin/2023-05-01 • CWE-125: Out-of-bounds Read •
CVSS: 4.1EPSS: 0%CPEs: 28EXPL: 0CVE-2023-20717
https://notcve.org/view.php?id=CVE-2023-20717
In vcu, there is a possible leak of dma buffer due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645185; Issue ID: ALPS07645185. • https://corp.mediatek.com/product-security-bulletin/May-2023 •