{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-20746","assignerOrgId":"ee979b05-11f8-4f25-a7e0-a1fa9c190374","state":"PUBLISHED","assignerShortName":"MediaTek","dateReserved":"2022-10-28T02:03:10.769Z","datePublished":"2023-06-06T12:11:43.256Z","dateUpdated":"2025-01-07T19:22:00.478Z"},"containers":{"cna":{"providerMetadata":{"orgId":"ee979b05-11f8-4f25-a7e0-a1fa9c190374","shortName":"MediaTek","dateUpdated":"2023-06-06T12:11:43.256Z"},"descriptions":[{"lang":"en","value":"In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519217."}],"affected":[{"vendor":"MediaTek, Inc.","product":"MT6789, MT6855, MT8167, MT8168, MT8173, MT8185, MT8195, MT8321, MT8365, MT8395, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797","versions":[{"version":"Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2","status":"affected"}]}],"references":[{"url":"https://corp.mediatek.com/product-security-bulletin/June-2023"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"Elevation of Privilege"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T09:14:40.970Z"},"title":"CVE Program Container","references":[{"url":"https://corp.mediatek.com/product-security-bulletin/June-2023","tags":["x_transferred"]}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-667","lang":"en","description":"CWE-667 Improper Locking"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":6.7,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"HIGH","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-01-07T19:21:54.476533Z","id":"CVE-2023-20746","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-07T19:22:00.478Z"}}]}}