Potential Local Escalation of Privilege Vulnerability in Modem
CVE-2024-20132

Currently unrated

Key Information:

Vendor: MediaTek
Status: Mt2737, Mt6298, Mt6879, Mt6886, Mt6895, Mt6895t, Mt6896, Mt6980, Mt6980d, Mt6983, Mt6985, Mt6989, Mt6990, Mt8673, Mt8676, Mt8795t, Mt8798
Vendor: CVE Published:; 2 December 2024

Summary

In Modem, there is a possible out of bonds write due to a mission bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00957388; Issue ID: MSV-1872.

Affected Version(s)

MT2737, MT6298, MT6879, MT6886, MT6895, MT6895T, MT6896, MT6980, MT6980D, MT6983, MT6985, MT6989, MT6990, MT8673, MT8676, MT8795T, MT8798 Modem NR16 partial branches

References

https://corp.mediatek.com/product-security-bulletin/Decem...

Timeline

Vulnerability published
Dec 2, 2024
Vulnerability Reserved
Nov 2, 2023