Lucene search

[email protected]CVE-2024-20021

HistoryMay 06, 2024 - 3:15 a.m.

CVE-2024-20021

2024-05-0603:15:09

CWE-269

[email protected]

web.nvd.nist.gov

atf

spm

logic error

local privilege escalation

system execution

patch alps08584568

issue msv-1249

nvd

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID: MSV-1249.

Affected configurations

Vulners

Node

googleandroidRange<12.0

googleandroidRange<13.0

googleandroidRange<14.0

mediatekmt6768

mediatekmt6781

mediatekmt6785

mediatekmt6833

mediatekmt6853

mediatekmt6873

mediatekmt6877

mediatekmt6885

mediatekmt6893

mediatekmt8168

mediatekmt8183

mediatekmt8188

mediatekmt8188t

mediatekmt8195

mediatekmt8195z

mediatekmt8321

mediatekmt8362a

mediatekmt8365

mediatekmt8385

mediatekmt8666

mediatekmt8666a

mediatekawus036nh

mediatekmt8667

mediatekmt8673

mediatekmt8675

mediatekmt8676

mediatekawus036nh

mediatekmt8765

mediatekmt8766

mediatekmt8766z

mediatekmt8768

mediatekmt8768a

mediatekmt8768b

mediatekmt8768t

mediatekmt8768z

mediatekmt8781

mediatekmt8786

mediatekmt8788

mediatekmt8788t

mediatekmt8788

mediatekmt8788x

mediatekmt8788z

mediatekmt8792

mediatekmt8795t

mediatekmt8796

mediatekmt8798

VendorProductVersionCPE
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
mediatekmt6768*cpe:2.3:h:mediatek:mt6768:*:*:*:*:*:*:*:*
mediatekmt6781*cpe:2.3:h:mediatek:mt6781:*:*:*:*:*:*:*:*
mediatekmt6785*cpe:2.3:h:mediatek:mt6785:*:*:*:*:*:*:*:*
mediatekmt6833*cpe:2.3:h:mediatek:mt6833:*:*:*:*:*:*:*:*
mediatekmt6853*cpe:2.3:h:mediatek:mt6853:*:*:*:*:*:*:*:*
mediatekmt6873*cpe:2.3:h:mediatek:mt6873:*:*:*:*:*:*:*:*
mediatekmt6877*cpe:2.3:h:mediatek:mt6877:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	*	cpe:2.3:o:google:android::::::::
google	android	*	cpe:2.3:o:google:android::::::::
google	android	*	cpe:2.3:o:google:android::::::::
mediatek	mt6768	*	cpe:2.3:h:mediatek:mt6768::::::::
mediatek	mt6781	*	cpe:2.3:h:mediatek:mt6781::::::::
mediatek	mt6785	*	cpe:2.3:h:mediatek:mt6785::::::::
mediatek	mt6833	*	cpe:2.3:h:mediatek:mt6833::::::::
mediatek	mt6853	*	cpe:2.3:h:mediatek:mt6853::::::::
mediatek	mt6873	*	cpe:2.3:h:mediatek:mt6873::::::::
mediatek	mt6877	*	cpe:2.3:h:mediatek:mt6877::::::::

Rows per page:

1-10 of 511

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT6768, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8168, MT8183, MT8188, MT8188T, MT8195, MT8195Z, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8666A, MT8666B, MT8667, MT8673, MT8675, MT8675, MT8676, MT8678, MT8765, MT8766, MT8766Z, MT8768, MT8768A, MT8768B, MT8768T, MT8768Z, MT8781, MT8781, MT8786, MT8788, MT8788T, MT8788, MT8788X, MT8788Z, MT8792, MT8795T, MT8796, MT8798",
    "versions": [
      {
        "version": "Android 12.0, 13.0, 14.0",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/May-2024