CVE-2023-20819

Summary

In CDMA PPP protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: MOLY01068234; Issue ID: ALPS08010003.

Affected Software

VendorProductVersion RangeStatus
MediaTek, Inc.MT2731, MT6570, MT6580, MT6595, MT6732, MT6735, MT6737, MT6737M, MT6738, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6757, MT6758, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769T, MT6769Z, MT6771, MT6775, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6789, MT6795, MT6797, MT6799, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6983, MT6985, MT6989, MT8666, MT8666A, MT8667, MT8673, MT8675, MT8765, MT8766, MT8766Z, MT8768, MT8768A, MT8768B, MT8768T, MT8768Z, MT8781, MT8786, MT8788, MT8788T, MT8788X, MT8788Z, MT8791, MT8791T, MT8797, MT8798Modem LR11, LR12A, LR13, NR15, NR16, NR17affected

Weaknesses

  • Elevation of Privilege

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References