Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-20106

Summary
Assigner-MediaTek
Assigner Org ID-ee979b05-11f8-4f25-a7e0-a1fa9c190374
Published At-04 Nov, 2024 | 01:48
Updated At-04 Nov, 2024 | 10:56
Rejected At-
Credits

In m4u, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08960505; Issue ID: MSV-1590.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:MediaTek
Assigner Org ID:ee979b05-11f8-4f25-a7e0-a1fa9c190374
Published At:04 Nov, 2024 | 01:48
Updated At:04 Nov, 2024 | 10:56
Rejected At:
▼CVE Numbering Authority (CNA)

In m4u, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08960505; Issue ID: MSV-1590.

Affected Products
Vendor
MediaTek Inc.MediaTek, Inc.
Product
MT6739, MT6761, MT6765, MT6768, MT6779, MT6785, MT6853, MT6873, MT6885, MT8666, MT8667, MT8673, MT8678
Versions
Affected
  • Android 12.0, 13.0, 14.0, 15.0
Problem Types
TypeCWE IDDescription
CWECWE-843CWE-843 Type Confusion
Type: CWE
CWE ID: CWE-843
Description: CWE-843 Type Confusion
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://corp.mediatek.com/product-security-bulletin/November-2024
N/A
Hyperlink: https://corp.mediatek.com/product-security-bulletin/November-2024
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
MediaTek Inc.mediatek
Product
mt6739
CPEs
  • cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
MediaTek Inc.mediatek
Product
mt6761
CPEs
  • cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
MediaTek Inc.mediatek
Product
mt6765
CPEs
  • cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
MediaTek Inc.mediatek
Product
mt6768
CPEs
  • cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
MediaTek Inc.mediatek
Product
mt6779
CPEs
  • cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
MediaTek Inc.mediatek
Product
mt6785
CPEs
  • cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
MediaTek Inc.mediatek
Product
mt6853
CPEs
  • cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
MediaTek Inc.mediatek
Product
mt6873
CPEs
  • cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
MediaTek Inc.mediatek
Product
mt6885
CPEs
  • cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
MediaTek Inc.mediatek
Product
mt8666
CPEs
  • cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
MediaTek Inc.mediatek
Product
mt8667
CPEs
  • cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
MediaTek Inc.mediatek
Product
mt8673
CPEs
  • cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
MediaTek Inc.mediatek
Product
mt8678
CPEs
  • cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through * (custom)
Vendor
Google LLCgoogle
Product
android
CPEs
  • cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*
  • cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 12.0
  • 13.0
  • 14.0
  • 15.0
Metrics
VersionBase scoreBase severityVector
3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@mediatek.com
Published At:04 Nov, 2024 | 02:15
Updated At:24 Apr, 2025 | 15:05

In m4u, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08960505; Issue ID: MSV-1590.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Google LLC
google
>>android>>12.0
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
Google LLC
google
>>android>>13.0
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
Google LLC
google
>>android>>14.0
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
Google LLC
google
>>android>>15.0
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6739>>-
cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6761>>-
cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6765>>-
cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6768>>-
cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6779>>-
cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6785>>-
cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6853>>-
cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6873>>-
cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6885>>-
cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt8666>>-
cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt8667>>-
cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt8673>>-
cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt8678>>-
cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-843Secondarysecurity@mediatek.com
CWE-843Primarynvd@nist.gov
CWE ID: CWE-843
Type: Secondary
Source: security@mediatek.com
CWE ID: CWE-843
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://corp.mediatek.com/product-security-bulletin/November-2024security@mediatek.com
Vendor Advisory
Hyperlink: https://corp.mediatek.com/product-security-bulletin/November-2024
Source: security@mediatek.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

0Records found
Details not found