Mediatek Security Flaws Affecting Smartphones, Tablets, Wi-Fi, and Other Chipsets

The July 2023 Product Security Bulletin from Taiwanese chipmaker MediaTek describes security flaws impacting MediaTek chipsets for smartphones, tablets, AIoT, smart displays, smart displays, OTT, and Wi-Fi.

This security advisory provides details on 24 vulnerabilities, of which CVE-2023-20754 and CVE-2023-20755 have been classified as ‘High’ severity.

Details of the ‘High’ Severity Flaws

1. CVE-2023-20754 – Integer overflow or wraparound in keyinstall

The vulnerability is tracked as CVE-2023-20754, integer overflow, or wraparound in keyinstall with a ‘high’ severity range. Due to an integer overflow, there may be an out-of-bounds write-in keyinstall.

This can result in the need for system execution privileges and local privilege escalation. Exploitation does not need user involvement.

Affected Chipsets: MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8667, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797.

Affected Software Versions: Android 11.0, 12.0, 13.0.

2. CVE-2023-20755: Improper input validation in keyinstall

The improper input validation in keyinstall vulnerability is tracked as CVE-2023-20755, with a ‘high’ severity range where an integer overflow in keyinstall might result in an out-of-bounds write. 

This could result in a local escalation of privilege with system execution rights needed. Exploitation doesn’t need user involvement.

Affected Chipsets: MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8667, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797

Affected Software Versions: Android 11.0, 12.0, 13.0

‘Medium’ Severity Flaws

1. CVE-2023-20753: Out-of-bounds write
2. CVE-2023-20756: Integer overflow or wraparound
3. CVE-2023-20757: Improper input validation in cmdq
4. CVE-2023-20758: Improper input validation in cmdq
5. CVE-2023-20759: Improper input validation in cmdq
6. CVE-2023-20760: Improper input validation in apu
7. CVE-2023-20761: Improper input validation in ril
8. CVE-2023-20766: Improper input validation in gps
9. CVE-2023-20767: Improper input validation in pqframework
10. CVE-2023-20768: Access of resource using incompatible type (‘type confusion’)
11. CVE-2023-20771: Concurrent execution using the shared resource with improper synchronization (‘race condition’)
12. CVE-2023-20772: Improper authentication
13. CVE-2023-20773: Improper Authentication
14. CVE-2023-20774: Improper input validation in display
15. CVE-2023-20775: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
16. CVE-2023-20689: Integer Overflow to Buffer Overflow
17. CVE-2023-20690: Integer Overflow to Buffer Overflow
18. CVE-2023-20691: Integer Overflow to Buffer Overflow
19. CVE-2023-20692: NULL Pointer Dereference
20. CVE-2023-20693: NULL Pointer Dereference
21. CVE-2022-32666: User Interface (UI) Misrepresentation of Critical Information
22. CVE-2023-20748: Improper Input Validation

The company added that device OEMs had been informed of all problems and the accompanying security updates at least two months before publishing.

“AI-based email security measures Protect your business From Email Threats!” – Request a Free Demo.