Possible Out-of-Bounds Read Vulnerability in vdec System
CVE-2024-20123

Currently unrated

Key Information:

Vendor: MediaTek
Status: Mt6761, Mt6765, Mt6768, Mt6779, Mt6785, Mt8766, Mt8768, Mt8789
Vendor: CVE Published:; 4 November 2024

What is CVE-2024-20123?

An out of bounds read vulnerability has been identified in the MediaTek vdec, stemming from improper structure design. This flaw may allow local information disclosure when exploited. Importantly, no user interaction is required for this potential exploitation, as it operates with system execution privileges. It is crucial for affected users to apply the necessary patches, specifically Patch ID: ALPS09008925, to mitigate this security risk and protect sensitive information.

Affected Version(s)

MT6761, MT6765, MT6768, MT6779, MT6785, MT8766, MT8768, MT8789 Android 12.0

References

https://corp.mediatek.com/product-security-bulletin/Novem...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 4, 2024
Vulnerability Reserved
Nov 2, 2023