Possible Out of Bounds Write in MP3 Decoder Could Lead to Remote Escalation of Privilege
CVE-2024-20007

7.5HIGH

Key Information:

Vendor: MediaTek
Status: MT6580, MT6739, MT6761, MT6762, MT6765, MT6779, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6895, MT6983, MT6985, MT8321, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797, MT8798
Vendor: CVE Published:; 5 February 2024

Summary

A vulnerability in the MP3 Decoder from MediaTek allows for an out of bounds write due to a race condition. This security flaw requires user interaction for exploitation, which leads to remote escalation of privilege without needing additional execution privileges. Affected users are encouraged to apply the patch ID ALPS08441369 to mitigate risks associated with this issue.

Affected Version(s)

MT6580, MT6739, MT6761, MT6762, MT6765, MT6779, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6895, MT6983, MT6985, MT8321, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797, MT8798 Android 12.0, 13.0, 14.0

References

https://corp.mediatek.com/product-security-bulletin/Febru...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 5, 2024
Vulnerability Reserved
Nov 2, 2023