Possible Denial of Service Vulnerability in WLAN
CVE-2024-20089

7.5HIGH

Key Information:

Vendor: MediaTek
Status: Mt6835, Mt6878, Mt6886, Mt6897, Mt6980, Mt6985, Mt6989, Mt6990, Mt8678, Mt8775, Mt8792, Mt8796
Vendor: CVE Published:; 2 September 2024

Summary

A vulnerability has been identified in Mediatek's WLAN products that could result in a remote denial of service due to improper error handling within the wlan module. An attacker could exploit this flaw without needing any additional execution privileges or user interaction. This could allow for disruption of service, impacting users reliant on these WLAN products. A patch addressing this issue has been released under Patch ID ALPS08861558.

Affected Version(s)

MT6835, MT6878, MT6886, MT6897, MT6980, MT6985, MT6989, MT6990, MT8678, MT8775, MT8792, MT8796 Android 13.0, 14.0 / Yocto 2.6, 3.3, 4.0 / RDK-B 22Q3

References

https://corp.mediatek.com/product-security-bulletin/Septe...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 2, 2024
Vulnerability Reserved
Nov 2, 2023