Lucene search

MediaTekCVE-2024-20028

HistoryMar 04, 2024 - 3:15 a.m.

CVE-2024-20028

2024-03-0403:15:07

CWE-787

MediaTek

web.nvd.nist.gov

cve-2024-20028

local privilege escalation

out of bounds write

valudation

alps08541632

alps08541687

nvd

CVSS3

6.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

Percentile

9.0%

JSON

In da, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541687.

Affected configurations

Vulners

Node

googleandroidRange<12.0

googleandroidRange<13.0

googleandroidRange<14.0

mediatekmt6739_firmware

mediatekmt6757_firmware

mediatekmt6761_firmware

mediatekmt6763_firmware

mediatekmt6765_firmware

mediatekmt6768_firmware

mediatekmt6771_firmware

mediatekmt6779_firmware

mediatekmt6785_firmware

mediatekmt6833_firmware

mediatekmt6853_firmware

mediatekmt6873_firmware

mediatekmt6877_firmware

mediatekmt6885_firmware

mediatekmt6893_firmware

mediatekmt8163_firmwareandroid

mediatekmt8167_firmware

mediatekmt8168_firmware

mediatekmt8512_firmware

VendorProductVersionCPE
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
mediatekmt6739_firmware*cpe:2.3:a:mediatek:mt6739_firmware:*:*:*:*:*:*:*:*
mediatekmt6757_firmware*cpe:2.3:a:mediatek:mt6757_firmware:*:*:*:*:*:*:*:*
mediatekmt6761_firmware*cpe:2.3:a:mediatek:mt6761_firmware:*:*:*:*:*:*:*:*
mediatekmt6763_firmware*cpe:2.3:a:mediatek:mt6763_firmware:*:*:*:*:*:*:*:*
mediatekmt6765_firmware*cpe:2.3:a:mediatek:mt6765_firmware:*:*:*:*:*:*:*:*
mediatekmt6768_firmware*cpe:2.3:a:mediatek:mt6768_firmware:*:*:*:*:*:*:*:*
mediatekmt6771_firmware*cpe:2.3:a:mediatek:mt6771_firmware:*:*:*:*:*:*:*:*
mediatekmt6779_firmware*cpe:2.3:a:mediatek:mt6779_firmware:*:*:*:*:*:*:*:*
mediatekmt6785_firmware*cpe:2.3:a:mediatek:mt6785_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	*	cpe:2.3:o:google:android::::::::
mediatek	mt6739_firmware	*	cpe:2.3:a:mediatek:mt6739_firmware::::::::
mediatek	mt6757_firmware	*	cpe:2.3:a:mediatek:mt6757_firmware::::::::
mediatek	mt6761_firmware	*	cpe:2.3:a:mediatek:mt6761_firmware::::::::
mediatek	mt6763_firmware	*	cpe:2.3:a:mediatek:mt6763_firmware::::::::
mediatek	mt6765_firmware	*	cpe:2.3:a:mediatek:mt6765_firmware::::::::
mediatek	mt6768_firmware	*	cpe:2.3:a:mediatek:mt6768_firmware::::::::
mediatek	mt6771_firmware	*	cpe:2.3:a:mediatek:mt6771_firmware::::::::
mediatek	mt6779_firmware	*	cpe:2.3:a:mediatek:mt6779_firmware::::::::
mediatek	mt6785_firmware	*	cpe:2.3:a:mediatek:mt6785_firmware::::::::

Rows per page:

1-10 of 201

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT6739, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8163, MT8167, MT8168, MT8512",
    "versions": [
      {
        "version": "Android 12.0, 13.0, 14.0",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/March-2024

CVSS3

6.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-20028