Out of Bounds Write Vulnerability in Mediatek WLAN Driver
CVE-2024-20146

8.1HIGH

Key Information:

Vendor

MediaTek
Status
Mt2737, Mt3603, Mt6835, Mt6878, Mt6886, Mt6897, Mt6990, Mt7902, Mt7920, Mt7922, Mt8365, Mt8518s, Mt8532, Mt8666, Mt8667, Mt8673, Mt8755, Mt8766, Mt8768, Mt8775, Mt8781, Mt8786, Mt8788, Mt8796, Mt8798, Mt8893
Vendor
CVE Published:
6 January 2025

What is CVE-2024-20146?

A vulnerability has been identified in the Mediatek WLAN STA driver, allowing for a potential out of bounds write due to improper input validation. This flaw could enable attackers to execute arbitrary code remotely, without requiring any additional execution privileges or user interactions. If exploited, this could severely compromise the security of affected systems. Immediate action is recommended to mitigate the risks associated with this type of vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MT2737, MT3603, MT6835, MT6878, MT6886, MT6897, MT6990, MT7902, MT7920, MT7922, MT8365, MT8518S, MT8532, MT8666, MT8667, MT8673, MT8755, MT8766, MT8768, MT8775, MT8781, MT8786, MT8788, MT8796, MT8798, MT8893 Android 13.0, 14.0, 15.0 / SDK release 2.5 and before / openWRT 23.05 / Yocto 3.3, 4.0, 5.0

References

https://corp.mediatek.com/product-security-bulletin/Janua...

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.