Lucene search

MediaTekCVE-2024-20053

HistoryApr 01, 2024 - 3:15 a.m.

CVE-2024-20053

2024-04-0103:15:08

CWE-787

MediaTek

web.nvd.nist.gov

flashc

out of bounds write

local privilege escalation

uncaught exception

system execution privileges

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

In flashc, there is a possible out of bounds write due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541764.

Affected configurations

Vulners

Node

googleandroidRange<12.0

googleandroidRange<13.0

googleandroidRange<14.0

mediatekmt2713_firmware

mediatekmt2737_firmware

mediatekmt6781_firmware

mediatekmt6789_firmware

mediatekmt6835_firmware

mediatekmt6855_firmware

mediatekmt6879_firmware

mediatekmt6880_firmware

mediatekmt6886_firmware

mediatekmt6890_firmware

mediatekmt6895_firmware

mediatekmt6980_firmware

mediatekmt6983_firmware

mediatekmt6985_firmware

mediatekmt6989_firmware

mediatekmt6990_firmware

mediatekmt8167_firmware

mediatekmt8168_firmware

mediatekmt8173_firmware

mediatekmt8175_firmware

mediatekmt8188_firmware

mediatekmt8195_firmware

mediatekmt8321_firmware

mediatekmt8362a_firmware

mediatekmt8365_firmware

mediatekmt8385_firmware

mediatekmt8390_firmware

mediatekmt8395_firmware

mediatekmt8666_firmware

mediatekmt8667_firmware

mediatekmt8673_firmware

mediatekmt8765_firmware

mediatekmt8766_firmware

mediatekmt8768_firmware

mediatekmt8781_firmware

mediatekmt8786_firmware

mediatekmt8788_firmware

mediatekmt8789_firmware

mediatekmt8791_firmware

mediatekmt8791t_firmware

mediatekmt8796_firmware

mediatekmt8797_firmware

mediatekmt8798_firmware

VendorProductVersionCPE
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
mediatekmt2713_firmware*cpe:2.3:a:mediatek:mt2713_firmware:*:*:*:*:*:*:*:*
mediatekmt2737_firmware*cpe:2.3:a:mediatek:mt2737_firmware:*:*:*:*:*:*:*:*
mediatekmt6781_firmware*cpe:2.3:a:mediatek:mt6781_firmware:*:*:*:*:*:*:*:*
mediatekmt6789_firmware*cpe:2.3:a:mediatek:mt6789_firmware:*:*:*:*:*:*:*:*
mediatekmt6835_firmware*cpe:2.3:a:mediatek:mt6835_firmware:*:*:*:*:*:*:*:*
mediatekmt6855_firmware*cpe:2.3:a:mediatek:mt6855_firmware:*:*:*:*:*:*:*:*
mediatekmt6879_firmware*cpe:2.3:a:mediatek:mt6879_firmware:*:*:*:*:*:*:*:*
mediatekmt6880_firmware*cpe:2.3:a:mediatek:mt6880_firmware:*:*:*:*:*:*:*:*
mediatekmt6886_firmware*cpe:2.3:a:mediatek:mt6886_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	*	cpe:2.3:o:google:android::::::::
mediatek	mt2713_firmware	*	cpe:2.3:a:mediatek:mt2713_firmware::::::::
mediatek	mt2737_firmware	*	cpe:2.3:a:mediatek:mt2737_firmware::::::::
mediatek	mt6781_firmware	*	cpe:2.3:a:mediatek:mt6781_firmware::::::::
mediatek	mt6789_firmware	*	cpe:2.3:a:mediatek:mt6789_firmware::::::::
mediatek	mt6835_firmware	*	cpe:2.3:a:mediatek:mt6835_firmware::::::::
mediatek	mt6855_firmware	*	cpe:2.3:a:mediatek:mt6855_firmware::::::::
mediatek	mt6879_firmware	*	cpe:2.3:a:mediatek:mt6879_firmware::::::::
mediatek	mt6880_firmware	*	cpe:2.3:a:mediatek:mt6880_firmware::::::::
mediatek	mt6886_firmware	*	cpe:2.3:a:mediatek:mt6886_firmware::::::::

Rows per page:

1-10 of 441

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT2713, MT2737, MT6781, MT6789, MT6835, MT6855, MT6879, MT6880, MT6886, MT6890, MT6895, MT6980, MT6983, MT6985, MT6989, MT6990, MT8167, MT8168, MT8173, MT8175, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8390, MT8395, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8796, MT8797, MT8798",
    "versions": [
      {
        "version": "Android 12.0, 13.0, 14.0 / OpenWrt 19.07, 21.02 / Yocto 3.3 / RDK-B 22Q3",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/April-2024

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-20053