Possible System Crash Due to Missing Bounds Check
CVE-2024-20094

Currently unrated

Key Information:

Vendor: MediaTek
Status: Mt2735, Mt6833, Mt6853, Mt6855, Mt6873, Mt6875, Mt6875t, Mt6877, Mt6880, Mt6883, Mt6885, Mt6889, Mt6890, Mt6891, Mt6893, Mt8675, Mt8771, Mt8791, Mt8791t, Mt8797
Vendor: CVE Published:; 7 October 2024

What is CVE-2024-20094?

A vulnerability in MediaTek modem products allows for a potential system crash stemming from a missing bounds check. This absence of necessary validation could be exploited remotely, resulting in a denial of service without the need for any user interaction or elevated privileges. The vulnerability has been documented with Patch ID: MOLY00843282 and Issue ID: MSV-1535, highlighting the importance of implementing mitigations to protect affected installations.

Affected Version(s)

MT2735, MT6833, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8675, MT8771, MT8791, MT8791T, MT8797 Modem NR15

References

https://corp.mediatek.com/product-security-bulletin/Octob...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 7, 2024
Vulnerability Reserved
Nov 2, 2023