Out of Bounds Write Vulnerability in V6 DA by MediaTek
CVE-2024-20144

6.6MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt2737, Mt6739, Mt6761, Mt6765, Mt6768, Mt6771, Mt6779, Mt6781, Mt6785, Mt6789, Mt6833, Mt6835, Mt6853, Mt6855, Mt6873, Mt6877, Mt6878, Mt6879, Mt6880, Mt6885, Mt6886, Mt6890, Mt6893, Mt6895, Mt6897, Mt6980, Mt6985, Mt6989, Mt6990, Mt8370, Mt8390, Mt8676
Vendor: CVE Published:; 6 January 2025

Summary

The V6 DA product by MediaTek contains a vulnerability that allows for an out of bounds write due to a missing bounds check. This vulnerability requires physical access to the device for exploitation, as it necessitates user interaction. It poses a risk of local escalation of privilege, enabling attackers without additional execution privileges to potentially manipulate device operations. This issue has been identified with Patch ID ALPS09167056 and Issue ID MSV-2041.

Affected Version(s)

MT2737, MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6878, MT6879, MT6880, MT6885, MT6886, MT6890, MT6893, MT6895, MT6897, MT6980, MT6985, MT6989, MT6990, MT8370, MT8390, MT8676 Android 12.0, 13.0, 14.0, 15.0 / openWRT 19.07, 21.02, 23.05 / Yocto 4.0 / RDK-B 22Q3, 24Q1

References

https://corp.mediatek.com/product-security-bulletin/Janua...

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 6, 2025
Vulnerability Reserved
Nov 2, 2023