Possible Out of Bounds Write Vulnerability in WLAN Service Could Lead to Local Escalation of Privilege
CVE-2024-20064

7.8HIGH

Key Information:

Vendor: MediaTek
Status: Mt6580, Mt6761, Mt6762, Mt6768, Mt6781, Mt6789, Mt6833, Mt6853, Mt6853t, Mt6855, Mt6873, Mt6875, Mt6877, Mt6879, Mt6883, Mt6885, Mt6886, Mt6889, Mt6891, Mt6893, Mt6895, Mt6983, Mt6985, Mt6989, Mt8678, Mt8755, Mt8775, Mt8792, Mt8796
Vendor: CVE Published:; 6 May 2024

Summary

The WLAN service provided by MediaTek is subject to a vulnerability due to improper input validation, allowing an out of bounds write. This flaw could enable an attacker to escalate privileges locally without requiring additional execution privileges or user interaction. The issue has been tracked under Patch ID: ALPS08572601 and Issue ID: MSV-1229. Users are advised to apply the necessary patches to mitigate this security risk.

Affected Version(s)

MT6580, MT6761, MT6762, MT6768, MT6781, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT6989, MT8678, MT8755, MT8775, MT8792, MT8796 Android 13.0, 14.0

References

https://corp.mediatek.com/product-security-bulletin/May-2024

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 6, 2024
Vulnerability Reserved
Nov 2, 2023