Out of Bounds Write Vulnerability in m4u by MediaTek
CVE-2024-20105

6.7 MEDIUM

Summary

MediaTek's m4u contains an out-of-bounds write caused by a missing bounds check. An attacker who has already obtained System privileges can exploit the flaw without any user interaction. Exploitation may lead to local escalation of privilege, potentially compromising the integrity and security of the affected systems. MediaTek has acknowledged the issue and encourages users to apply the necessary patches.

Affected Version(s)

Chipsets: MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8666, MT8667, MT8673, MT8768

Android versions: 12.0, 13.0, 14.0, 15.0

CVSS V3.1

Score: 6.7
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
