Possible Memory Corruption in Modem Leads to Remote Code Execution
CVE-2024-20082

Currently unrated

Key Information:

Vendor: MediaTek
Status: Mt2735, Mt2737, Mt6833, Mt6835, Mt6835t, Mt6853, Mt6855, Mt6873, Mt6875, Mt6875t, Mt6877, Mt6879, Mt6880, Mt6883, Mt6885, Mt6886, Mt6889, Mt6890, Mt6891, Mt6893, Mt6895, Mt6895t, Mt6896, Mt6897, Mt6980, Mt6980d, Mt6983, Mt6985, Mt6989, Mt6990
Vendor: CVE Published:; 14 August 2024

Summary

In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01182594; Issue ID: MSV-1529.

Affected Version(s)

MT2735, MT2737, MT6833, MT6835, MT6835T, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6980, MT6980D, MT6983, MT6985, MT6989, MT6990 Modem NR15, NR16, NR17

References

https://corp.mediatek.com/product-security-bulletin/Augus...

Timeline

Vulnerability published
Aug 14, 2024
Vulnerability Reserved
Nov 2, 2023