Local Denial of Service in MediaTek wlan STA Driver
CVE-2024-20152

4.4MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt2737, Mt3603, Mt6835, Mt6878, Mt6886, Mt6897, Mt6990, Mt7902, Mt7920, Mt7922, Mt8518s, Mt8532, Mt8755, Mt8766, Mt8768, Mt8775, Mt8781, Mt8796, Mt8798, Mt8893
Vendor: CVE Published:; 6 January 2025

Summary

A vulnerability exists in the wlan STA driver from MediaTek, characterized by improper exception handling leading to a reachable assertion. If exploited by a malicious actor with system privileges, this flaw can result in local denial of service. Crucially, user interaction is not needed for exploitation, making it a significant concern for impacted systems. Vendors are advised to apply the relevant patches (Patch ID: WCNCR00389047 / ALPS09136505) to mitigate risk.

Affected Version(s)

MT2737, MT3603, MT6835, MT6878, MT6886, MT6897, MT6990, MT7902, MT7920, MT7922, MT8518S, MT8532, MT8755, MT8766, MT8768, MT8775, MT8781, MT8796, MT8798, MT8893 Android 13.0, 14.0, 15.0 / SDK release 2.4 and before / openWRT 23.05 / Yocto 3.3, 4.0, 5.0

References

https://corp.mediatek.com/product-security-bulletin/Janua...

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 6, 2025
Vulnerability Reserved
Nov 2, 2023