Lucene search

[email protected]CVE-2024-20020

HistoryMar 04, 2024 - 3:15 a.m.

CVE-2024-20020

2024-03-0403:15:07

[email protected]

web.nvd.nist.gov

optee

out of bounds write

information disclosure

system execution privileges

cve-2024-20020

nvd

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

In OPTEE, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08522504; Issue ID: ALPS08522504.

Affected configurations

Vulners

Node

googleandroidRange<13.0

mediatekmt2713

mediatekmt2715

mediatekmt8173

mediatekmt8188

mediatekmt8195

mediatekmt8390

mediatekmt8395

VendorProductVersionCPE
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
mediatekmt2713*cpe:2.3:h:mediatek:mt2713:*:*:*:*:*:*:*:*
mediatekmt2715*cpe:2.3:h:mediatek:mt2715:*:*:*:*:*:*:*:*
mediatekmt8173*cpe:2.3:h:mediatek:mt8173:*:*:*:*:*:*:*:*
mediatekmt8188*cpe:2.3:h:mediatek:mt8188:*:*:*:*:*:*:*:*
mediatekmt8195*cpe:2.3:h:mediatek:mt8195:*:*:*:*:*:*:*:*
mediatekmt8390*cpe:2.3:h:mediatek:mt8390:*:*:*:*:*:*:*:*
mediatekmt8395*cpe:2.3:h:mediatek:mt8395:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	*	cpe:2.3:o:google:android::::::::
mediatek	mt2713	*	cpe:2.3:h:mediatek:mt2713::::::::
mediatek	mt2715	*	cpe:2.3:h:mediatek:mt2715::::::::
mediatek	mt8173	*	cpe:2.3:h:mediatek:mt8173::::::::
mediatek	mt8188	*	cpe:2.3:h:mediatek:mt8188::::::::
mediatek	mt8195	*	cpe:2.3:h:mediatek:mt8195::::::::
mediatek	mt8390	*	cpe:2.3:h:mediatek:mt8390::::::::
mediatek	mt8395	*	cpe:2.3:h:mediatek:mt8395::::::::

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT2713, MT2715, MT8173, MT8188, MT8195, MT8390, MT8395",
    "versions": [
      {
        "version": "Android 13.0",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/March-2024