CVE-2023-20808

CVSS 3.1 Score 6.7 of 10 (medium)

Details

Published Aug 7, 2023

Updated: Aug 9, 2023

CWE ID 787

Summary

CVE-2023-20808 is a vulnerability affecting OPTEE that allows for a possible out-of-bounds write due to a missing bounds check. This issue can lead to local privilege escalation, resulting in System execution privileges. Unlike some vulnerabilities, user interaction is not required for exploitation. The patch for this issue is identified as DTV03645895, and it is strongly recommended that affected systems be updated as soon as possible to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Android

Affected Vendors

Google

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sP3Zwy
https://www.cve.org/CVERecord?id=CVE-2023-20808
https://nvd.nist.gov/vuln/detail/CVE-2023-20808

Back to Vulnerability Database