Possible Out of Bounds Write Leads to Local Escalation of Privilege
CVE-2024-20074

Currently unrated

Key Information:

Vendor: MediaTek
Status: Mt6580, Mt6739, Mt6761, Mt6765, Mt6768, Mt6779, Mt6781, Mt6785, Mt6789, Mt6833, Mt6835, Mt6853, Mt6855, Mt6873, Mt6877, Mt6879, Mt6883, Mt6885, Mt6886, Mt6889, Mt6893, Mt6895, Mt6897, Mt6983, Mt6985, Mt6989, Mt8666, Mt8667, Mt8673, Mt8676
Vendor: CVE Published:; 3 June 2024

Summary

A vulnerability has been identified in MediaTek's DMC that arises from an out of bounds write due to a missing bounds check. This security flaw allows for local escalation of privilege, requiring system execution privileges for exploitation. Notably, this vulnerability can be exploited without any user interaction, posing a significant risk to system security. Proper patches should be applied to mitigate potential threats associated with this issue.

Affected Version(s)

MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6983, MT6985, MT6989, MT8666, MT8667, MT8673, MT8676 Android 13.0, 14.0

References

https://corp.mediatek.com/product-security-bulletin/June-...

Timeline

Vulnerability published
Jun 3, 2024
Vulnerability Reserved
Nov 2, 2023