Possible Out of Bounds Write in WLAN Driver Could Lead to Local Escalation of Privilege
CVE-2024-20072

Currently unrated

Key Information:

Vendor: MediaTek
Status: Mt6890, Mt6990, Mt7622
Vendor: CVE Published:; 3 June 2024

Summary

A significant vulnerability has been identified in the MediaTek WLAN driver, characterized by improper input validation that allows for an out of bounds write. This flaw enables attackers to escalate privileges locally, granting them system execution rights without requiring user interaction. This type of security risk underscores the importance of deploying timely updates and patches, such as WCNCR00364732, to safeguard systems against potential exploitation.

Affected Version(s)

MT6890, MT6990, MT7622 SDK version 5.0.5.0 and before / OpenWRT 19.07, 21.02, 23.05

References

https://corp.mediatek.com/product-security-bulletin/June-...

Timeline

Vulnerability published
Jun 3, 2024
Vulnerability Reserved
Nov 2, 2023