CVE-2024-20064
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD
Description
In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08572601; Issue ID: MSV-1229.
Affected (2)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 13.0 |
| Running on/with | Platform Versions |
|---|---|
Mediatek Mt6580 | All versions |
Mediatek Mt6761 | All versions |
Mediatek Mt6762 | All versions |
Mediatek Mt6768 | All versions |
Mediatek Mt6781 | All versions |
Mediatek Mt6789 | All versions |
Mediatek Mt6833 | All versions |
Mediatek Mt6853 | All versions |
Mediatek Mt6853t | All versions |
Mediatek Mt6855 | All versions |
Mediatek Mt6873 | All versions |
Mediatek Mt6875 | All versions |
Mediatek Mt6877 | All versions |
Mediatek Mt6879 | All versions |
Mediatek Mt6883 | All versions |
Mediatek Mt6885 | All versions |
Mediatek Mt6886 | All versions |
Mediatek Mt6889 | All versions |
Mediatek Mt6891 | All versions |
Mediatek Mt6893 | All versions |
Mediatek Mt6895 | All versions |
Mediatek Mt6983 | All versions |
Mediatek Mt6985 | All versions |
Mediatek Mt6989 | All versions |
Mediatek Mt8678 | All versions |
Mediatek Mt8755 | All versions |
Mediatek Mt8775 | All versions |
Mediatek Mt8792 | All versions |
Mediatek Mt8796 | All versions |
Related CWEs
CWE-20
Improper Input Validation
The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly.
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
References (2)
Source: security@mediatek.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.