Possible Out of Bounds Read Vulnerability in WLAN Driver Could Lead to Local Information Disclosure
CVE-2024-20071
Currently unrated
Summary
In the WLAN driver developed by MediaTek, a vulnerability exists that allows for an out-of-bounds read due to improper input validation. This condition can result in local information disclosure. The exploitation of this vulnerability does not require user interaction, making it particularly concerning for systems relying on the WLAN driver. Users with system execution privileges may be affected. Mitigation efforts include applying patches identified by Patch ID: WCNCR00364733, addressing Issue ID: MSV-1331 as outlined in MediaTek's product security bulletin.
Affected Version(s)
MT6890, MT6990, MT7622 SDK version 5.0.5.0 and before / OpenWRT 19.07, 21.02, 23.05
References
Timeline
Vulnerability published
Vulnerability Reserved