Lucene search

MediaTekCVE-2024-20078

HistoryJul 01, 2024 - 5:15 a.m.

CVE-2024-20078

2024-07-0105:15:04

CWE-843

MediaTek

web.nvd.nist.gov

venc

out of bounds write

local privilege escalation

system execution privileges

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

Percentile

9.1%

JSON

In venc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08737250; Issue ID: MSV-1452.

Affected configurations

Vulners

Node

googleandroidRange<12.0

googleandroidRange<13.0

googleandroidRange<14.0

mediatekmt6768_firmware

mediatekmt6779_firmware

mediatekmt8321_firmware

mediatekmt8385_firmware

mediatekmt8755_firmware

mediatekmt8765_firmware

mediatekmt8766_firmware

mediatekmt8768_firmware

mediatekmt8771_firmware

mediatekmt8775_firmware

mediatekmt8781_firmware

mediatekmt8786_firmware

mediatekmt8788_firmware

mediatekmt8789_firmware

mediatekmt8791t_firmware

mediatekmt8792_firmware

mediatekmt8795t_firmware

mediatekmt8796_firmware

mediatekmt8797_firmware

mediatekmt8798_firmware

VendorProductVersionCPE
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
mediatekmt6768_firmware*cpe:2.3:a:mediatek:mt6768_firmware:*:*:*:*:*:*:*:*
mediatekmt6779_firmware*cpe:2.3:a:mediatek:mt6779_firmware:*:*:*:*:*:*:*:*
mediatekmt8321_firmware*cpe:2.3:a:mediatek:mt8321_firmware:*:*:*:*:*:*:*:*
mediatekmt8385_firmware*cpe:2.3:o:mediatek:mt8385_firmware:*:*:*:*:*:*:*:*
mediatekmt8755_firmware*cpe:2.3:a:mediatek:mt8755_firmware:*:*:*:*:*:*:*:*
mediatekmt8765_firmware*cpe:2.3:a:mediatek:mt8765_firmware:*:*:*:*:*:*:*:*
mediatekmt8766_firmware*cpe:2.3:a:mediatek:mt8766_firmware:*:*:*:*:*:*:*:*
mediatekmt8768_firmware*cpe:2.3:a:mediatek:mt8768_firmware:*:*:*:*:*:*:*:*
mediatekmt8771_firmware*cpe:2.3:a:mediatek:mt8771_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	*	cpe:2.3:o:google:android::::::::
mediatek	mt6768_firmware	*	cpe:2.3:a:mediatek:mt6768_firmware::::::::
mediatek	mt6779_firmware	*	cpe:2.3:a:mediatek:mt6779_firmware::::::::
mediatek	mt8321_firmware	*	cpe:2.3:a:mediatek:mt8321_firmware::::::::
mediatek	mt8385_firmware	*	cpe:2.3:o:mediatek:mt8385_firmware::::::::
mediatek	mt8755_firmware	*	cpe:2.3:a:mediatek:mt8755_firmware::::::::
mediatek	mt8765_firmware	*	cpe:2.3:a:mediatek:mt8765_firmware::::::::
mediatek	mt8766_firmware	*	cpe:2.3:a:mediatek:mt8766_firmware::::::::
mediatek	mt8768_firmware	*	cpe:2.3:a:mediatek:mt8768_firmware::::::::
mediatek	mt8771_firmware	*	cpe:2.3:a:mediatek:mt8771_firmware::::::::

Rows per page:

1-10 of 211

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT6768, MT6779, MT8321, MT8385, MT8755, MT8765, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8792, MT8795T, MT8796, MT8797, MT8798",
    "versions": [
      {
        "version": "Android 12.0, 13.0, 14.0",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/July-2024

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-20078