Possible Out of Bounds Read Vulnerability in cmdq Could Lead to Local Information Disclosure
CVE-2024-20116

Currently unrated

Key Information:

Vendor: MediaTek
Status: Mt6765, Mt6768, Mt6779, Mt6781, Mt6785, Mt6789, Mt8765, Mt8766, Mt8768, Mt8771, Mt8781, Mt8786, Mt8788, Mt8789, Mt8791t, Mt8795t, Mt8797, Mt8798
Vendor: CVE Published:; 2 December 2024

Summary

A notable vulnerability exists in MediaTek's cmdq component, identified as an out of bounds read due to an insufficient bounds check. This flaw can potentially allow for the disclosure of local information, requiring system execution privileges for exploitation. Importantly, this vulnerability does not necessitate any user interaction, making it a particularly concerning issue for affected systems. Remediation efforts and patches are advised to mitigate the risk posed by this vulnerability.

Affected Version(s)

MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798 Android 12.0

References

https://corp.mediatek.com/product-security-bulletin/Decem...

Timeline

Vulnerability published
Dec 2, 2024
Vulnerability Reserved
Nov 2, 2023