Lucene search

[email protected]CVE-2024-20056

HistoryMay 06, 2024 - 3:15 a.m.

CVE-2024-20056

2024-05-0603:15:09

CWE-20

[email protected]

web.nvd.nist.gov

privilege escalation

preloader

insecure default value

local escalation

system execution privileges

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID: ALPS08528185.

Affected configurations

Vulners

Node

googleandroidRange<12.0

googleandroidRange<13.0

googleandroidRange<14.0

mediatekmt6739

mediatekmt6761

mediatekmt6765

mediatekmt6768

mediatekmt6781

mediatekmt6785

mediatekmt6789

mediatekmt6833

mediatekmt6835

mediatekmt6853

mediatekmt6855

mediatekmt6873

mediatekmt6880

mediatekmt6885

mediatekmt6886

mediatekmt6890

mediatekmt6893

mediatekmt6895

mediatekmt6897

mediatekmt6983

mediatekmt6985

mediatekmt6989

mediatekmt8666

mediatekmt8667

mediatekmt8673

mediatekmt8676

mediatekawus036nh

VendorProductVersionCPE
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
mediatekmt6739*cpe:2.3:h:mediatek:mt6739:*:*:*:*:*:*:*:*
mediatekmt6761*cpe:2.3:h:mediatek:mt6761:*:*:*:*:*:*:*:*
mediatekmt6765*cpe:2.3:h:mediatek:mt6765:*:*:*:*:*:*:*:*
mediatekmt6768*cpe:2.3:h:mediatek:mt6768:*:*:*:*:*:*:*:*
mediatekmt6781*cpe:2.3:h:mediatek:mt6781:*:*:*:*:*:*:*:*
mediatekmt6785*cpe:2.3:h:mediatek:mt6785:*:*:*:*:*:*:*:*
mediatekmt6789*cpe:2.3:h:mediatek:mt6789:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	*	cpe:2.3:o:google:android::::::::
google	android	*	cpe:2.3:o:google:android::::::::
google	android	*	cpe:2.3:o:google:android::::::::
mediatek	mt6739	*	cpe:2.3:h:mediatek:mt6739::::::::
mediatek	mt6761	*	cpe:2.3:h:mediatek:mt6761::::::::
mediatek	mt6765	*	cpe:2.3:h:mediatek:mt6765::::::::
mediatek	mt6768	*	cpe:2.3:h:mediatek:mt6768::::::::
mediatek	mt6781	*	cpe:2.3:h:mediatek:mt6781::::::::
mediatek	mt6785	*	cpe:2.3:h:mediatek:mt6785::::::::
mediatek	mt6789	*	cpe:2.3:h:mediatek:mt6789::::::::

Rows per page:

1-10 of 301

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT6739, MT6761, MT6765, MT6768, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6880, MT6885, MT6886, MT6890, MT6893, MT6895, MT6897, MT6983, MT6985, MT6989, MT8666, MT8667, MT8673, MT8676, MT8678",
    "versions": [
      {
        "version": "Android 12.0, 13.0, 14.0 / OpenWRT 19.07, 21.02, 23.05 / RDK-B 2022q3",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/May-2024

Social References