Lucene search

MediaTekCVE-2024-20074

HistoryJun 03, 2024 - 2:15 a.m.

CVE-2024-20074

2024-06-0302:15:09

CWE-787

MediaTek

web.nvd.nist.gov

cve-2024-20074

nvd

CVSS3

6.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

Percentile

9.0%

JSON

In dmc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08668110; Issue ID: MSV-1333.

Affected configurations

Vulners

Node

googleandroidRange<13.0

googleandroidRange<14.0

mediatekmt6580_firmware

mediatekmt6739_firmware

mediatekmt6761_firmware

mediatekmt6765_firmware

mediatekmt6768_firmware

mediatekmt6779_firmware

mediatekmt6781_firmware

mediatekmt6785_firmware

mediatekmt6789_firmware

mediatekmt6833_firmware

mediatekmt6835_firmware

mediatekmt6853_firmware

mediatekmt6855_firmware

mediatekmt6873_firmware

mediatekmt6877_firmware

mediatekmt6879_firmware

mediatekmt6883_firmware

mediatekmt6885_firmware

mediatekmt6886_firmware

mediatekmt6889_firmware

mediatekmt6893_firmware

mediatekmt6895_firmware

mediatekmt6897_firmware

mediatekmt6983_firmware

mediatekmt6985_firmware

mediatekmt6989_firmware

mediatekmt8666_firmware

mediatekmt8667_firmware

mediatekmt8673_firmware

mediatekmt8676_firmware

VendorProductVersionCPE
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
mediatekmt6580_firmware*cpe:2.3:a:mediatek:mt6580_firmware:*:*:*:*:*:*:*:*
mediatekmt6739_firmware*cpe:2.3:a:mediatek:mt6739_firmware:*:*:*:*:*:*:*:*
mediatekmt6761_firmware*cpe:2.3:a:mediatek:mt6761_firmware:*:*:*:*:*:*:*:*
mediatekmt6765_firmware*cpe:2.3:a:mediatek:mt6765_firmware:*:*:*:*:*:*:*:*
mediatekmt6768_firmware*cpe:2.3:a:mediatek:mt6768_firmware:*:*:*:*:*:*:*:*
mediatekmt6779_firmware*cpe:2.3:a:mediatek:mt6779_firmware:*:*:*:*:*:*:*:*
mediatekmt6781_firmware*cpe:2.3:a:mediatek:mt6781_firmware:*:*:*:*:*:*:*:*
mediatekmt6785_firmware*cpe:2.3:a:mediatek:mt6785_firmware:*:*:*:*:*:*:*:*
mediatekmt6789_firmware*cpe:2.3:a:mediatek:mt6789_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	*	cpe:2.3:o:google:android::::::::
mediatek	mt6580_firmware	*	cpe:2.3:a:mediatek:mt6580_firmware::::::::
mediatek	mt6739_firmware	*	cpe:2.3:a:mediatek:mt6739_firmware::::::::
mediatek	mt6761_firmware	*	cpe:2.3:a:mediatek:mt6761_firmware::::::::
mediatek	mt6765_firmware	*	cpe:2.3:a:mediatek:mt6765_firmware::::::::
mediatek	mt6768_firmware	*	cpe:2.3:a:mediatek:mt6768_firmware::::::::
mediatek	mt6779_firmware	*	cpe:2.3:a:mediatek:mt6779_firmware::::::::
mediatek	mt6781_firmware	*	cpe:2.3:a:mediatek:mt6781_firmware::::::::
mediatek	mt6785_firmware	*	cpe:2.3:a:mediatek:mt6785_firmware::::::::
mediatek	mt6789_firmware	*	cpe:2.3:a:mediatek:mt6789_firmware::::::::

Rows per page:

1-10 of 311

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6983, MT6985, MT6989, MT8666, MT8667, MT8673, MT8676",
    "versions": [
      {
        "version": "Android 13.0, 14.0",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/June-2024

CVSS3

6.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-20074