CVE-2023-20849
Severity CVSS v4.0:
Pending analysis
Type:
CWE-416
Use After Free
Publication date:
04/09/2023
Last modified:
01/10/2024
Description
In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340350.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:* | ||
cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:* | ||
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:* | ||
cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page