Lucene search

MediaTekCVE-2024-20079

HistoryJul 01, 2024 - 5:15 a.m.

CVE-2024-20079

2024-07-0105:15:04

CWE-787

MediaTek

web.nvd.nist.gov

gnss service

out of bounds write

local privilege escalation

input validation

system execution privileges

AI Score

7.2

Confidence

High

EPSS

Percentile

9.1%

JSON

In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: MSV-1491.

Affected configurations

Vulners

Node

googleandroidRange<13.0

googleandroidRange<14.0

mediatekmt6761_firmware

mediatekmt6765_firmware

mediatekmt6768_firmware

mediatekmt6781_firmware

mediatekmt6785_firmware

mediatekmt6789_firmware

mediatekmt6833_firmware

mediatekmt6853_firmware

mediatekmt6853t_firmware

mediatekmt6855_firmware

mediatekmt6873_firmware

mediatekmt6875_firmware

mediatekmt6877_firmware

mediatekmt6879_firmware

mediatekmt6883_firmware

mediatekmt6885_firmware

mediatekmt6886_firmware

mediatekmt6889_firmware

mediatekmt6891_firmware

mediatekmt6893_firmware

mediatekmt6895_firmware

mediatekmt6983_firmware

mediatekmt6985_firmware

mediatekmt6989_firmware

mediatekmt8666_firmware

mediatekmt8667_firmware

mediatekmt8673_firmware

mediatekmt8676_firmware

mediatekmt8678_firmware

VendorProductVersionCPE
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
mediatekmt6761_firmware*cpe:2.3:a:mediatek:mt6761_firmware:*:*:*:*:*:*:*:*
mediatekmt6765_firmware*cpe:2.3:a:mediatek:mt6765_firmware:*:*:*:*:*:*:*:*
mediatekmt6768_firmware*cpe:2.3:a:mediatek:mt6768_firmware:*:*:*:*:*:*:*:*
mediatekmt6781_firmware*cpe:2.3:a:mediatek:mt6781_firmware:*:*:*:*:*:*:*:*
mediatekmt6785_firmware*cpe:2.3:a:mediatek:mt6785_firmware:*:*:*:*:*:*:*:*
mediatekmt6789_firmware*cpe:2.3:a:mediatek:mt6789_firmware:*:*:*:*:*:*:*:*
mediatekmt6833_firmware*cpe:2.3:a:mediatek:mt6833_firmware:*:*:*:*:*:*:*:*
mediatekmt6853_firmware*cpe:2.3:a:mediatek:mt6853_firmware:*:*:*:*:*:*:*:*
mediatekmt6853t_firmware*cpe:2.3:a:mediatek:mt6853t_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	*	cpe:2.3:o:google:android::::::::
mediatek	mt6761_firmware	*	cpe:2.3:a:mediatek:mt6761_firmware::::::::
mediatek	mt6765_firmware	*	cpe:2.3:a:mediatek:mt6765_firmware::::::::
mediatek	mt6768_firmware	*	cpe:2.3:a:mediatek:mt6768_firmware::::::::
mediatek	mt6781_firmware	*	cpe:2.3:a:mediatek:mt6781_firmware::::::::
mediatek	mt6785_firmware	*	cpe:2.3:a:mediatek:mt6785_firmware::::::::
mediatek	mt6789_firmware	*	cpe:2.3:a:mediatek:mt6789_firmware::::::::
mediatek	mt6833_firmware	*	cpe:2.3:a:mediatek:mt6833_firmware::::::::
mediatek	mt6853_firmware	*	cpe:2.3:a:mediatek:mt6853_firmware::::::::
mediatek	mt6853t_firmware	*	cpe:2.3:a:mediatek:mt6853t_firmware::::::::

Rows per page:

1-10 of 301

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT6761, MT6765, MT6768, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT6989, MT8666, MT8667, MT8673, MT8676, MT8678",
    "versions": [
      {
        "version": "Android 13.0, 14.0",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/July-2024