IoT Yocto 2023 Security Bulletin Published

This Product Security Bulletin contains details of security vulnerabilities affecting MediaTek IoT Yocto devices. Device OEMs should regularly review all the issues and apply the corresponding security patches before publication.

August 2023

CVE-2023-20800

Title

Improper input validation in imgsys

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In imgsys, there is a possible system crash due to a missing ptr check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.

Affected Chipsets

MT8395

References

Commit 27c5dd10

CVE-2023-20801

Title

Improper input validation in imgsys

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In imgsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8395

References

Commit 27c5dd10

CVE-2023-20802

Title

Improper input validation in imgsys

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-119 Improper Input Validation

Description

In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.

Affected Chipsets

MT8395

References

Commit 27c5dd10

CVE-2023-20803

Title

Improper input validation in imgsys

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-119 Improper Input Validation

Description

In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.

Affected Chipsets

MT8395

References

Commit 5657df89

CVE-2023-20804

Title

Out-of-bounds write in imgsys

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8395

References

Commit c80303b4

CVE-2023-20805

Title

Out-of-bounds write in imgsys

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-787 Out-of-bounds Write

Description

In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8395

References

Commit c80303b4

July 2023

June 2023

CVE-2023-20728

Title

Improper input validation in wlan

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8365

References

The software repository related to this issue requires higher-privilege access permission (NDA). Please contact the customer window of the IoT Yocto team.

CVE-2023-20731

Title

Improper input validation in wlan

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8365

References

The software repository related to this issue requires higher-privilege access permission (NDA). Please contact the customer window of the IoT Yocto team.

CVE-2023-20732

Title

Improper input validation in wlan

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8365

References

The software repository related to this issue requires higher-privilege access permission (NDA). Please contact the customer window of the IoT Yocto team.

CVE-2023-20712

Title

Improper input validation in wlan

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8365

References

The software repository related to this issue requires higher-privilege access permission (NDA). Please contact the customer window of the IoT Yocto team.

CVE-2023-20715

Title

Improper input validation in wlan

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8365

References

The software repository related to this issue requires higher-privilege access permission (NDA). Please contact the customer window of the IoT Yocto team.

CVE-2023-20716

Title

Improper input validation in wlan

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8365

References

The software repository related to this issue requires higher-privilege access permission (NDA). Please contact the customer window of the IoT Yocto team.

CVE-2023-20733

Title

Improper synchronization in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Improper Synchronization

Description

In vcu, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8395,MT8390

References

Commit cd699f74, 62bf063e, db9a4b9c

CVE-2023-20734

Title

Improper input validation in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8395,MT8390

References

Commit cd699f74, 62bf063e, db9a4b9c

CVE-2023-20735

Title

Improper input validation in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8395,MT8390

References

Commit cd699f74, 62bf063e, db9a4b9c

CVE-2023-20736

Title

Improper synchronization in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Improper Synchronization

Description

In vcu, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8395,MT8390

References

Commit cd699f74, 62bf063e, db9a4b9c

CVE-2023-20737

Title

Improper synchronization in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Improper Synchronization

Description

In vcu, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8395,MT8390

References

Commit cd699f74, 62bf063e, db9a4b9c

CVE-2023-20738

Title

Improper input validation in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8395,MT8390

References

Commit cd699f74, 62bf063e, db9a4b9c

CVE-2023-20739

Title

Concurrent execution using shared resource with improper synchronization (‘race condition’) in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)

Description

In vcu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8395,MT8390

References

Commit 3897f570

CVE-2023-20740

Title

Concurrent execution using shared resource with improper synchronization (‘race condition’) in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)

Description

In vcu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8395,MT8390

References

Commit 3897f570

CVE-2023-20743

Title

Improper synchronization in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Improper Synchronization

Description

In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8395,MT8390

References

Commit e66a9d5e

CVE-2023-20744

Title

Improper synchronization in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Improper Synchronization

Description

In vcu, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8395,MT8390

References

Commit e66a9d5e

CVE-2023-20745

Title

Improper synchronization in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Improper Synchronization

Description

In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8395,MT8390

References

Commit e66a9d5e

CVE-2023-20746

Title

Improper synchronization in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Improper Synchronization

Description

In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8395,MT8390

References

Commit e66a9d5e

May 2023

CVE-2023-20718

Title

Improper input validation in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8395,MT8390,MT8365

References

Commit 2ea38e62 (MT8395,MT8390), 737b2f4a (MT8365)

CVE-2023-20721

Title

Improper input validation in isp

Severity

Medium

Vulnerability Type

EoP

CWE

Description

In isp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8395,MT8390

References

Commit 88d490a9

CVE-2023-20673

Title

Incorrect comparison in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-697 Incorrect Comparison

Description

In vcu, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8395,MT8390

References

Commit a30d1499

April 2023

CVE-2023-20659

Title

Improper input validation in wlan

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8365

References

The software repository related to this issue requires higher-privilege access permission (NDA). Please contact the customer window of the IoT Yocto team.

CVE-2023-20674

Title

Improper input validation in wlan

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8365

References

The software repository related to this issue requires higher-privilege access permission (NDA). Please contact the customer window of the IoT Yocto team.

CVE-2023-20675

Title

Improper input validation in wlan

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8365

References

The software repository related to this issue requires higher-privilege access permission (NDA). Please contact the customer window of the IoT Yocto team.

CVE-2023-20676

Title

Improper input validation in wlan

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8365

References

The software repository related to this issue requires higher-privilege access permission (NDA). Please contact the customer window of the IoT Yocto team.

CVE-2023-20677

Title

Improper input validation in wlan

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8365

References

The software repository related to this issue requires higher-privilege access permission (NDA). Please contact the customer window of the IoT Yocto team.

CVE-2023-20679

Title

Improper input validation in wlan

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8365

References

The software repository related to this issue requires higher-privilege access permission (NDA). Please contact the customer window of the IoT Yocto team.

CVE-2023-20682

Title

Improper input validation in wlan

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8365

References

The software repository related to this issue requires higher-privilege access permission (NDA). Please contact the customer window of the IoT Yocto team.

March 2023

February 2023

CVE-2023-20606

Title

Improper input validation in apusys

Severity

Medium

Vulnerability Type

ID

CWE

CWE-20 Improper Input Validation

Description

In apusys, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8395

References

The software repository related to this issue requires higher-privilege access permission (NDA). Please contact the customer window of the IoT Yocto team.

CVE-2023-20618

Title

Out-of-bounds read in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-125 Out-of-bounds Read

Description

In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8395,MT8390

References

Commit 524e491d

CVE-2023-20619

Title

Use after free in vcu

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-416 Use After Free

Description

In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8395,MT8390

References

Commit 524e491d

CVE-2022-32642

Title

Improper synchronization in ccd

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Improper Synchronization

Description

In ccd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8395

References

Commit 717a7d6c

CVE-2022-32643

Title

Improper synchronization in ccd

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-662 Improper Synchronization

Description

In ccd, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8395

References

Commit 717a7d6c

CVE-2022-32654

Title

Improper input validation in Wi-Fi driver

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8365

References

The software repository related to this issue requires higher-privilege access permission (NDA). Please contact the customer window of the IoT Yocto team.

CVE-2022-32655

Title

Improper input validation in Wi-Fi driver

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8365

References

The software repository related to this issue requires higher-privilege access permission (NDA). Please contact the customer window of the IoT Yocto team.

CVE-2022-32656

Title

Improper input validation in Wi-Fi driver

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-20 Improper Input Validation

Description

In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8365

References

The software repository related to this issue requires higher-privilege access permission (NDA). Please contact the customer window of the IoT Yocto team.

CVE-2022-32663

Title

Null pointer dereference in Wi-Fi driver

Severity

Medium

Vulnerability Type

DoS

CWE

CWE-476 NULL Pointer Dereference

Description

In Wi-Fi driver, there is a possible system crash due to null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8365

References

The software repository related to this issue requires higher-privilege access permission (NDA). Please contact the customer window of the IoT Yocto team.

January 2023

CVE-2022-32650

Title

Incorrect calculation of buffer size in isp

Severity

Medium

Vulnerability Type

EoP

CWE

CWE-131 Incorrect Calculation of Buffer Size

Description

In mtk-isp, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets

MT8395

References

Commit de2186e2