Lucene search

MediaTekCVE-2024-20046

HistoryApr 01, 2024 - 3:15 a.m.

CVE-2024-20046

2024-04-0103:15:08

CWE-190

MediaTek

web.nvd.nist.gov

privilege escalation

battery

integer overflow

system execution

patch id

issue id

no user interaction

CVSS3

6.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

Percentile

9.0%

JSON

In battery, there is a possible escalation of privilege due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08485622; Issue ID: ALPS08485622.

Affected configurations

Vulners

Node

googleandroidRange<12.0

mediatekmt6761_firmware

mediatekmt6765_firmware

mediatekmt6768_firmware

mediatekmt6789_firmware

mediatekmt6833_firmware

mediatekmt6855_firmware

mediatekmt6895_firmware

mediatekmt8167_firmware

mediatekmt8168_firmware

mediatekmt8188_firmware

mediatekmt8321_firmware

mediatekmt8765_firmware

mediatekmt8766_firmware

mediatekmt8768_firmware

mediatekmt8781_firmware

mediatekmt8786_firmware

mediatekmt8788_firmware

mediatekmt8789_firmware

mediatekmt8791t_firmware

mediatekmt8797_firmware

mediatekmt8798_firmware

VendorProductVersionCPE
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
mediatekmt6761_firmware*cpe:2.3:a:mediatek:mt6761_firmware:*:*:*:*:*:*:*:*
mediatekmt6765_firmware*cpe:2.3:a:mediatek:mt6765_firmware:*:*:*:*:*:*:*:*
mediatekmt6768_firmware*cpe:2.3:a:mediatek:mt6768_firmware:*:*:*:*:*:*:*:*
mediatekmt6789_firmware*cpe:2.3:a:mediatek:mt6789_firmware:*:*:*:*:*:*:*:*
mediatekmt6833_firmware*cpe:2.3:a:mediatek:mt6833_firmware:*:*:*:*:*:*:*:*
mediatekmt6855_firmware*cpe:2.3:a:mediatek:mt6855_firmware:*:*:*:*:*:*:*:*
mediatekmt6895_firmware*cpe:2.3:a:mediatek:mt6895_firmware:*:*:*:*:*:*:*:*
mediatekmt8167_firmware*cpe:2.3:a:mediatek:mt8167_firmware:*:*:*:*:*:*:*:*
mediatekmt8168_firmware*cpe:2.3:a:mediatek:mt8168_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	*	cpe:2.3:o:google:android::::::::
mediatek	mt6761_firmware	*	cpe:2.3:a:mediatek:mt6761_firmware::::::::
mediatek	mt6765_firmware	*	cpe:2.3:a:mediatek:mt6765_firmware::::::::
mediatek	mt6768_firmware	*	cpe:2.3:a:mediatek:mt6768_firmware::::::::
mediatek	mt6789_firmware	*	cpe:2.3:a:mediatek:mt6789_firmware::::::::
mediatek	mt6833_firmware	*	cpe:2.3:a:mediatek:mt6833_firmware::::::::
mediatek	mt6855_firmware	*	cpe:2.3:a:mediatek:mt6855_firmware::::::::
mediatek	mt6895_firmware	*	cpe:2.3:a:mediatek:mt6895_firmware::::::::
mediatek	mt8167_firmware	*	cpe:2.3:a:mediatek:mt8167_firmware::::::::
mediatek	mt8168_firmware	*	cpe:2.3:a:mediatek:mt8168_firmware::::::::

Rows per page:

1-10 of 221

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT6761, MT6765, MT6768, MT6789, MT6833, MT6855, MT6895, MT8167, MT8168, MT8188, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798",
    "versions": [
      {
        "version": "Android 12.0",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/April-2024

CVSS3

6.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-20046