CVSS: 6.7EPSS: 0%CPEs: 63EXPL: 0CVE-2023-20652
https://notcve.org/view.php?id=CVE-2023-20652
In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589135. • https://corp.mediatek.com/product-security-bulletin/April-2023 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 48EXPL: 0CVE-2023-20682
https://notcve.org/view.php?id=CVE-2023-20682
In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441605; Issue ID: ALPS07441605. • https://corp.mediatek.com/product-security-bulletin/April-2023 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.4EPSS: 0%CPEs: 12EXPL: 0CVE-2023-20685
https://notcve.org/view.php?id=CVE-2023-20685
In vdec, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608575; Issue ID: ALPS07608575. • https://corp.mediatek.com/product-security-bulletin/April-2023 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.7EPSS: 0%CPEs: 36EXPL: 0CVE-2023-20661
https://notcve.org/view.php?id=CVE-2023-20661
In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560782; Issue ID: ALPS07560782. • https://corp.mediatek.com/product-security-bulletin/April-2023 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 0CVE-2023-20686
https://notcve.org/view.php?id=CVE-2023-20686
In display drm, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07570826; Issue ID: ALPS07570826. • https://corp.mediatek.com/product-security-bulletin/April-2023 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •