Vcu Memory Corruption via Type Confusion Leading to Local Priv Escalation
CVE-2023-20673 Published on May 15, 2023
In vcu, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519103.
Vulnerability Analysis
CVE-2023-20673 can be exploited with local system access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is an Object Type Confusion Vulnerability?
The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
CVE-2023-20673 has been classified to as an Object Type Confusion vulnerability or weakness.
Products Associated with CVE-2023-20673
stack.watch emails you whenever new vulnerabilities are published in MediaTek Iot Yocto or Google Android. Just hit a watch button to start following.
Affected Versions
MediaTek, Inc. MT5696, MT5836, MT5838, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8185, MT8195, MT8395, MT8781, MT8786, MT8789, MT8791, MT8797, MT9000, MT9023, MT9025, MT9618, MT9653, MT9687, MT9689, MT9902, MT9932, MT9952, MT9972, MT9982 Version Android 11.0, 12.0, 13.0 / Iot-Yocto 22.2 (Yocto 4.0) is affected by CVE-2023-20673Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.