SB2023060655 - Multiple vulnerabilities in MediaTek chipsets
Published: June 6, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 31 secuirty vulnerabilities.
1) Improper Synchronization (CVE-ID: CVE-2023-20743)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper locking within vcu. A local privileged application can execute arbitrary code.
2) Improper input validation (CVE-ID: CVE-2023-20725)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within preloader. A local privileged application can execute arbitrary code.
3) Out-of-bounds read (CVE-ID: CVE-2023-20724)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within Bluetooth. A local privileged application can execute arbitrary code.
4) Out-of-bounds read (CVE-ID: CVE-2023-20723)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within Bluetooth. A local privileged application can execute arbitrary code.
5) Improper input validation (CVE-ID: CVE-2023-20716)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within wlan. A local privileged application can execute arbitrary code.
6) Improper input validation (CVE-ID: CVE-2023-20715)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within wlan. A local privileged application can execute arbitrary code.
7) Improper input validation (CVE-ID: CVE-2023-20712)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within wlan. A local privileged application can execute arbitrary code.
8) Out-of-bounds write (CVE-ID: CVE-2023-20752)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within keymanage. A local privileged application can execute arbitrary code.
9) Out-of-bounds write (CVE-ID: CVE-2023-20751)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within keymanage. A local privileged application can execute arbitrary code.
10) Improper input validation (CVE-ID: CVE-2023-20750)
The vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to a race condition within swpm. A local privileged application can gain access to sensitive information.
11) Improper input validation (CVE-ID: CVE-2023-20749)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within swpm. A local privileged application can execute arbitrary code.
12) Type confusion (CVE-ID: CVE-2023-20747)
The vulnerability allows a local privileged application to perform service disruption.
The vulnerability exists due to type confusion within vcu. A local privileged application can perform service disruption.
13) Improper Synchronization (CVE-ID: CVE-2023-20746)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper locking within vcu. A local privileged application can execute arbitrary code.
14) Improper Synchronization (CVE-ID: CVE-2023-20745)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper locking within vcu. A local privileged application can execute arbitrary code.
15) Improper Synchronization (CVE-ID: CVE-2023-20744)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a logic error within vcu. A local privileged application can execute arbitrary code.
16) Improper input validation (CVE-ID: CVE-2023-20742)
The vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to a missing bounds check within ril. A local privileged application can gain access to sensitive information.
17) Improper input validation (CVE-ID: CVE-2023-20727)
The vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to a missing bounds check within wlan. A local privileged application can gain access to sensitive information.
18) Improper input validation (CVE-ID: CVE-2023-20741)
The vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to a missing bounds check within ril. A local privileged application can gain access to sensitive information.
19) Improper Synchronization (CVE-ID: CVE-2023-20740)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a logic error within vcu. A local privileged application can execute arbitrary code.
20) Improper Synchronization (CVE-ID: CVE-2023-20739)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a logic error within vcu. A local privileged application can execute arbitrary code.
21) Improper input validation (CVE-ID: CVE-2023-20738)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within vcu. A local privileged application can execute arbitrary code.
22) Improper Synchronization (CVE-ID: CVE-2023-20737)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper locking within vcu. A local privileged application can execute arbitrary code.
23) Improper Synchronization (CVE-ID: CVE-2023-20736)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a race condition within vcu. A local privileged application can execute arbitrary code.
24) Improper input validation (CVE-ID: CVE-2023-20735)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within vcu. A local privileged application can execute arbitrary code.
25) Improper input validation (CVE-ID: CVE-2023-20734)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within vcu. A local privileged application can execute arbitrary code.
26) Improper Synchronization (CVE-ID: CVE-2023-20733)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper locking within vcu. A local privileged application can execute arbitrary code.
27) Improper input validation (CVE-ID: CVE-2023-20732)
The vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to a missing bounds check within wlan. A local privileged application can gain access to sensitive information.
28) Improper input validation (CVE-ID: CVE-2023-20731)
The vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to a missing bounds check within wlan. A local privileged application can gain access to sensitive information.
29) Improper input validation (CVE-ID: CVE-2023-20730)
The vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to a missing bounds check within wlan. A local privileged application can gain access to sensitive information.
30) Improper input validation (CVE-ID: CVE-2023-20729)
The vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to a missing bounds check within wlan. A local privileged application can gain access to sensitive information.
31) Improper input validation (CVE-ID: CVE-2023-20728)
The vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to a missing bounds check within wlan. A local privileged application can gain access to sensitive information.
Remediation
Install update from vendor's website.