CVE-2024-20007
7.5
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.6 / Impact: 5.9
Source: NVD
Description
In mp3 decoder, there is a possible out of bounds write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441369; Issue ID: ALPS08441369.
Affected (3)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 12.0 |
| Running on/with | Platform Versions |
|---|---|
Mediatek Mt6580 | All versions |
Mediatek Mt6739 | All versions |
Mediatek Mt6761 | All versions |
Mediatek Mt6762 | All versions |
Mediatek Mt6765 | All versions |
Mediatek Mt6779 | All versions |
Mediatek Mt6785 | All versions |
Mediatek Mt6789 | All versions |
Mediatek Mt6833 | All versions |
Mediatek Mt6835 | All versions |
Mediatek Mt6853 | All versions |
Mediatek Mt6853t | All versions |
Mediatek Mt6855 | All versions |
Mediatek Mt6873 | All versions |
Mediatek Mt6877 | All versions |
Mediatek Mt6879 | All versions |
Mediatek Mt6883 | All versions |
Mediatek Mt6885 | All versions |
Mediatek Mt6886 | All versions |
Mediatek Mt6889 | All versions |
Mediatek Mt6895 | All versions |
Mediatek Mt6983 | All versions |
Mediatek Mt6985 | All versions |
Mediatek Mt8321 | All versions |
Mediatek Mt8765 | All versions |
Mediatek Mt8766 | All versions |
Mediatek Mt8768 | All versions |
Mediatek Mt8786 | All versions |
Mediatek Mt8788 | All versions |
Mediatek Mt8789 | All versions |
Mediatek Mt8791 | All versions |
Mediatek Mt8797 | All versions |
Mediatek Mt8798 | All versions |
Related CWEs
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
References (2)
Source: security@mediatek.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.