CVSS: 6.7EPSS: 0%CPEs: 27EXPL: 0CVE-2023-20696
https://notcve.org/view.php?id=CVE-2023-20696
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only). • https://corp.mediatek.com/product-security-bulletin/May-2023 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 32EXPL: 0CVE-2023-20695
https://notcve.org/view.php?id=CVE-2023-20695
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only); Issue ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only). • https://corp.mediatek.com/product-security-bulletin/May-2023 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2023-20704
https://notcve.org/view.php?id=CVE-2023-20704
In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767826; Issue ID: ALPS07767826. • https://corp.mediatek.com/product-security-bulletin/May-2023 • CWE-20: Improper Input Validation •
CVSS: 6.7EPSS: 0%CPEs: 9EXPL: 0CVE-2023-20721
https://notcve.org/view.php?id=CVE-2023-20721
In isp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07162155; Issue ID: ALPS07162155. • https://corp.mediatek.com/product-security-bulletin/May-2023 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-21104
https://notcve.org/view.php?id=CVE-2023-21104
In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-259938771 • https://source.android.com/security/bulletin/2023-05-01 • CWE-276: Incorrect Default Permissions •