Lucene search

MediaTekCVE-2024-20054

HistoryApr 01, 2024 - 3:15 a.m.

CVE-2024-20054

2024-04-0103:15:08

CWE-787

MediaTek

web.nvd.nist.gov

cve

escalation of privilege

local execution

bounds check

patch id

issue id

nvd

CVSS3

6.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

Percentile

9.0%

JSON

In gnss, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580200; Issue ID: ALPS08580200.

Affected configurations

Vulners

Node

googleandroidRange<13.0

googleandroidRange<14.0

mediatekmt2735_firmware

mediatekmt2737_firmware

mediatekmt6762_firmware

mediatekmt6765_firmware

mediatekmt6769_firmware

mediatekmt6833_firmware

mediatekmt6835_firmware

mediatekmt6853_firmware

mediatekmt6855_firmware

mediatekmt6873_firmware

mediatekmt6875_firmware

mediatekmt6877_firmware

mediatekmt6879_firmware

mediatekmt6883_firmware

mediatekmt6885_firmware

mediatekmt6889_firmware

mediatekmt6890_firmware

mediatekmt6891_firmware

mediatekmt6893_firmware

mediatekmt6895_firmware

mediatekmt6983_firmware

mediatekmt6985_firmware

mediatekmt6989_firmware

mediatekmt6990_firmware

mediatekmt8168_firmware

mediatekmt8173_firmware

mediatekmt8195_firmware

mediatekmt8321_firmware

mediatekmt8385_firmware

mediatekmt8390_firmware

mediatekmt8666_firmware

mediatekmt8667_firmware

mediatekmt8673_firmware

mediatekmt8676_firmware

mediatekmt8678_firmware

mediatekmt8755_firmware

mediatekmt8765_firmware

mediatekmt8766_firmware

mediatekmt8768_firmware

mediatekmt8775_firmware

mediatekmt8781_firmware

mediatekmt8786_firmware

mediatekmt8788_firmware

mediatekmt8791t_firmware

mediatekmt8792_firmware

mediatekmt8796_firmware

mediatekmt8893_firmware

VendorProductVersionCPE
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
mediatekmt2735_firmware*cpe:2.3:a:mediatek:mt2735_firmware:*:*:*:*:*:*:*:*
mediatekmt2737_firmware*cpe:2.3:a:mediatek:mt2737_firmware:*:*:*:*:*:*:*:*
mediatekmt6762_firmware*cpe:2.3:a:mediatek:mt6762_firmware:*:*:*:*:*:*:*:*
mediatekmt6765_firmware*cpe:2.3:a:mediatek:mt6765_firmware:*:*:*:*:*:*:*:*
mediatekmt6769_firmware*cpe:2.3:a:mediatek:mt6769_firmware:*:*:*:*:*:*:*:*
mediatekmt6833_firmware*cpe:2.3:a:mediatek:mt6833_firmware:*:*:*:*:*:*:*:*
mediatekmt6835_firmware*cpe:2.3:a:mediatek:mt6835_firmware:*:*:*:*:*:*:*:*
mediatekmt6853_firmware*cpe:2.3:a:mediatek:mt6853_firmware:*:*:*:*:*:*:*:*
mediatekmt6855_firmware*cpe:2.3:a:mediatek:mt6855_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	*	cpe:2.3:o:google:android::::::::
mediatek	mt2735_firmware	*	cpe:2.3:a:mediatek:mt2735_firmware::::::::
mediatek	mt2737_firmware	*	cpe:2.3:a:mediatek:mt2737_firmware::::::::
mediatek	mt6762_firmware	*	cpe:2.3:a:mediatek:mt6762_firmware::::::::
mediatek	mt6765_firmware	*	cpe:2.3:a:mediatek:mt6765_firmware::::::::
mediatek	mt6769_firmware	*	cpe:2.3:a:mediatek:mt6769_firmware::::::::
mediatek	mt6833_firmware	*	cpe:2.3:a:mediatek:mt6833_firmware::::::::
mediatek	mt6835_firmware	*	cpe:2.3:a:mediatek:mt6835_firmware::::::::
mediatek	mt6853_firmware	*	cpe:2.3:a:mediatek:mt6853_firmware::::::::
mediatek	mt6855_firmware	*	cpe:2.3:a:mediatek:mt6855_firmware::::::::

Rows per page:

1-10 of 481

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT2735, MT2737, MT6762, MT6765, MT6769, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT6895, MT6983, MT6985, MT6989, MT6990, MT8168, MT8173, MT8195, MT8321, MT8385, MT8390, MT8666, MT8667, MT8673, MT8676, MT8678, MT8755, MT8765, MT8766, MT8768, MT8775, MT8781, MT8786, MT8788, MT8791T, MT8792, MT8796, MT8893",
    "versions": [
      {
        "version": "Android 13.0, 14.0 / OpenWrt 19.07, 21.02 / Yocto 2.6, 3.3 / RDKB 2022Q3",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/April-2024

CVSS3

6.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-20054