Skip to main content

Iot Yocto CVE-2023-20715

MEDIUM
Out-of-bounds Write (CWE-787)
2023-06-06 security@mediatek.com
6.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.7 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 06, 2023 - 13:15 nvd
MEDIUM 6.7

DescriptionNVD

In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07796900; Issue ID: ALPS07796900.

AnalysisAI

In wlan, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07796900; Issue ID: ALPS07796900. Affected products include: Linuxfoundation Iot-Yocto, Linuxfoundation Yocto, Google Android, Linux Linux Kernel.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2024-20100 CRITICAL
9.8 Oct 07

In wlan driver, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS

CVE-2023-32820 HIGH
7.5 Oct 02

In wlan firmware, there is a possible firmware assertion due to improper input handling. Rated high severity (CVSS 7.5),

CVE-2023-32829 MEDIUM
6.7 Oct 02

In apusys, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vu

CVE-2023-32828 MEDIUM
6.7 Oct 02

In vpu, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulne

CVE-2023-32811 MEDIUM
6.7 Sep 04

In connectivity system driver, there is a possible out of bounds write due to improper input validation. Rated medium se

CVE-2023-32806 MEDIUM
6.7 Sep 04

In wlan driver, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.

CVE-2023-20746 MEDIUM
6.7 Jun 06

In vcu, there is a possible out of bounds write due to improper locking. Rated medium severity (CVSS 6.7), this vulnerab

CVE-2023-20745 MEDIUM
6.7 Jun 06

In vcu, there is a possible out of bounds write due to improper locking. Rated medium severity (CVSS 6.7), this vulnerab

CVE-2023-20744 MEDIUM
6.7 Jun 06

In vcu, there is a possible use after free due to a logic error. Rated medium severity (CVSS 6.7), this vulnerability is

CVE-2023-20743 MEDIUM
6.7 Jun 06

In vcu, there is a possible out of bounds write due to improper locking. Rated medium severity (CVSS 6.7), this vulnerab

CVE-2023-20740 MEDIUM
6.7 Jun 06

In vcu, there is a possible memory corruption due to a logic error. Rated medium severity (CVSS 6.7), this vulnerability

CVE-2023-20738 MEDIUM
6.7 Jun 06

In vcu, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vu

Share

CVE-2023-20715 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy