ByteOS

Assigner-MediaTek, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.01% / 0.22%

||

7 Day CHG~0.00%

Published-04 Aug, 2025 | 01:49

Updated-18 Aug, 2025 | 15:41

In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915400; Issue ID: MSV-3793.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2025-20697

Assigner-MediaTek, Inc.

Assigner-MediaTek, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.01% / 0.22%

||

7 Day CHG~0.00%

Published-04 Aug, 2025 | 01:49

Updated-18 Aug, 2025 | 15:42

In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915681; Issue ID: MSV-3795.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2025-20696

Assigner-MediaTek, Inc.

Assigner-MediaTek, Inc.

CVSS Score-6.8||MEDIUM

EPSS-0.01% / 1.01%

||

7 Day CHG~0.00%

Published-04 Aug, 2025 | 01:49

Updated-18 Aug, 2025 | 15:42

In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09915215; Issue ID: MSV-3801.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2025-20678

Assigner-MediaTek, Inc.

Product-mt6785 mt8675 mt6989 mt6779 mt6875 mt8768 mt6769 mt8667 mt6813 mt8771 mt8873 mt6895tt mt8781 mt8795t mt6763 mt6985t mt6835 mt8786 mt6783 mt6833 mt8788e nr17 mt6769k mt6877t mt6983 mt6880 mt8766r mt8766 mt6762d mt6762 mt6889 mt8789 mt8798 mt6886 mt6765 mt6980 mt6833p mt6762m mt6873 mt6781 mt6989t mt6893 mt6990 nr16 mt6855t mt6897 mt6883 mt6890 mt6771 mt8893 mt6877 mt6879 mt6769z mt8788 mt6739 mt6985 mt6853 mt8791 lr12a mt6875t mt6877tt mt8765 mt6785u mt6983t mt6878m mt6899 mt6761 mt8863 lr13 mt6765t mt8883 mt6789 mt8791t mt6853t nr15 mt8678 mt8797 mt6885 mt6878 mt6895 mt8673 mt6896 mt6767 mt6769s mt8666 mt8676 mt6769t mt6785t nr17r mt6991 mt6891 mt6768 mt6855 mt6835t MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8789, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893

Assigner-MediaTek, Inc.

CVSS Score-7.5||HIGH

EPSS-0.22% / 44.54%

||

7 Day CHG~0.00%

Published-02 Jun, 2025 | 02:29

Updated-10 Jul, 2025 | 17:38

In ims service, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01394606; Issue ID: MSV-2739.

Vendor-MediaTek Inc.

CWE ID-CWE-674

Uncontrolled Recursion

CVE-2025-20665

Assigner-MediaTek, Inc.

Assigner-MediaTek, Inc.

CVSS Score-5.5||MEDIUM

EPSS-0.01% / 0.25%

||

7 Day CHG~0.00%

Published-05 May, 2025 | 02:49

Updated-12 May, 2025 | 18:15

In devinfo, there is a possible information disclosure due to a missing SELinux policy. This could lead to local information disclosure of device identifier with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09555228; Issue ID: MSV-2760.

CWE ID-CWE-538

Insertion of Sensitive Information into Externally-Accessible File or Directory

CVE-2025-20667

Assigner-MediaTek, Inc.

Product-mt6877 mt6765 mt8765 mt6886 mt6983t nr15 mt6875 mt6781 mt6877t mt6853t mt6765t mt6890 mt6896 mt8676 mt6813 mt6985t mt6769 mt6833p mt6762 mt6779 mt6899 nr17 mt6875t mt6835 mt6763 mt6983 mt6761 lr13 mt8788e mt6855 mt6762d mt6769t mt6990 mt8667 mt2735 mt6989 nr17r mt6835t mt6789 mt6785t nr16 mt8789 mt8771 mt6769k mt8768 mt6879 mt6889 mt6833 mt6873 mt6878 mt8675 mt8791t mt2737 lr12a mt6767 mt6771 mt6878m mt8797 mt8666 mt8766 mt8781 mt6989t mt6783 mt6893 mt6769z mt6769s mt6785 mt6855t mt6895 mt6891 mt6877tt mt6980d mt6739 mt6762m mt6991 mt6880 mt6883 mt6980 mt8786 mt6885 mt6985 mt8788 mt6897 mt6895tt mt6768 mt6853 mt8791 mt6785u MT2735, MT2737, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8675, MT8676, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8789, MT8791, MT8791T, MT8797

Assigner-MediaTek, Inc.

CVSS Score-7.5||HIGH

EPSS-0.05% / 16.08%

||

7 Day CHG~0.00%

Published-05 May, 2025 | 02:49

Updated-12 May, 2025 | 18:15

In Modem, there is a possible information disclosure due to incorrect error handling. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01513293; Issue ID: MSV-2741.

Vendor-MediaTek Inc.

CWE ID-CWE-326

Inadequate Encryption Strength

CVE-2025-20666

Assigner-MediaTek, Inc.

Assigner-MediaTek, Inc.

CVSS Score-7.5||HIGH

EPSS-0.38% / 58.65%

||

7 Day CHG~0.00%

Published-05 May, 2025 | 02:49

Updated-12 May, 2025 | 18:15

In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00650610; Issue ID: MSV-2933.

CWE ID-CWE-617

Reachable Assertion

CVE-2025-20659

Assigner-MediaTek, Inc.

Product-mt6833p_firmware mt8798_firmware mt6739_firmware mt6762_firmware mt6853_firmware mt6980 mt6980d_firmware mt6769k mt6761_firmware mt6785u_firmware mt8796 mt6781_firmware mt8673_firmware mt6853t_firmware mt2737_firmware mt6899_firmware mt6985_firmware mt6896_firmware mt6765 mt6893 mt8676_firmware mt6813_firmware mt6883_firmware mt8797_firmware mt6855t mt6879_firmware mt6873 mt6983 mt6779 mt8667_firmware mt2737 mt6883 mt6765_firmware mt6991 mt8786 mt6785u mt6877t_firmware mt6991_firmware mt6855 mt6779_firmware mt8786_firmware mt8791t_firmware mt6895_firmware mt6885_firmware mt6833p mt6895tt mt8666_firmware mt6769_firmware mt6878 mt8771 mt8788e_firmware mt6990 mt6853t mt6762d mt6899 mt8766_firmware mt8768_firmware mt8678 mt6896 mt6769z mt8791t mt6980_firmware mt6879 mt6835t_firmware mt6897 mt6985t_firmware mt6769s_firmware mt6877tt mt6835t mt8768 mt6895tt_firmware mt6762m mt8675_firmware mt8676 mt6877tt_firmware mt8788 mt6890 mt6886 mt6762m_firmware mt6763 mt6983t_firmware mt6891_firmware mt8678_firmware mt6769t mt6875t_firmware mt8788e mt8667 mt6989_firmware mt6767 mt6833_firmware mt6769 mt6761 mt8797 mt8796_firmware mt6878m mt2735 mt6853 mt6989t mt6769t_firmware mt6880_firmware mt6989t_firmware mt6877 mt6855_firmware mt6878_firmware mt6878m_firmware mt6875_firmware mt6771_firmware mt6889 mt6768 mt6762d_firmware mt6897_firmware mt8771_firmware mt6873_firmware mt6769k_firmware mt6880 mt6785t mt6835_firmware mt6877t mt8765 mt6980d mt6983t mt6895 mt6877_firmware mt6985t mt6885 mt6886_firmware mt8781_firmware mt8863 mt6833 mt6889_firmware mt6783 mt6875t mt6855t_firmware mt6891 mt8666 mt6890_firmware mt8798 mt6785 mt6985 mt8673 mt6771 mt6783_firmware mt6989 mt6789 mt6768_firmware mt6765t mt6739 mt6762 mt6835 mt6983_firmware mt2735_firmware mt6763_firmware mt6875 mt6785t_firmware mt6781 mt8766 mt6765t_firmware mt8675 mt6990_firmware mt8781 mt8788_firmware mt6769s mt6785_firmware mt6769z_firmware mt6789_firmware mt6813 mt6767_firmware mt6893_firmware mt8765_firmware mt8863_firmware MT2735, MT2737, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8791T, MT8796, MT8797, MT8798, MT8863

Assigner-MediaTek, Inc.

CVSS Score-7.5||HIGH

EPSS-0.14% / 35.26%

||

7 Day CHG~0.00%

Published-07 Apr, 2025 | 03:14

Updated-11 Apr, 2025 | 13:06

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01519028; Issue ID: MSV-2768.

Vendor-MediaTek Inc.

CWE ID-CWE-125

Out-of-bounds Read

CVE-2025-20657

Assigner-MediaTek, Inc.

Assigner-MediaTek, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.01% / 0.53%

||

7 Day CHG~0.00%

Published-07 Apr, 2025 | 03:14

Updated-18 Apr, 2025 | 16:11

In vdec, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09486425; Issue ID: MSV-2609.

Product-mt6781 mt6885 mt6765 mt8781 mt8791t mt6768 mt6833 mt6877 mt8771 mt8768 mt6789 mt8786 android mt6853 MT6765, MT6768, MT6781, MT6789, MT6833, MT6853, MT6877, MT6885, MT8768, MT8771, MT8781, MT8786, MT8791T

CWE ID-CWE-787

Out-of-bounds Write

CVE-2025-20652

Assigner-MediaTek, Inc.

Assigner-MediaTek, Inc.

CVSS Score-4.6||MEDIUM

EPSS-0.01% / 0.92%

||

7 Day CHG~0.00%

Published-03 Mar, 2025 | 02:25

Updated-22 Apr, 2025 | 13:44

In V5 DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291215; Issue ID: MSV-2052.

CWE ID-CWE-125

Out-of-bounds Read

CVE-2025-20645

Assigner-MediaTek, Inc.

Assigner-MediaTek, Inc.

CVSS Score-7.8||HIGH

EPSS-0.01% / 0.41%

||

7 Day CHG~0.00%

Published-03 Mar, 2025 | 02:25

Updated-22 Apr, 2025 | 13:47

In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09475476; Issue ID: MSV-2599.

Product-mt6893 mt6765 mt6989 mt6835 mt6768 mt6855 mt6853 android mt6886 mt6879 mt6983 mt8796 mt6897 mt6985 mt6833 MT6765, MT6768, MT6833, MT6835, MT6853, MT6855, MT6879, MT6886, MT6893, MT6897, MT6983, MT6985, MT6989, MT8796

CWE ID-CWE-787

Out-of-bounds Write

CVE-2025-20644

Assigner-MediaTek, Inc.

Assigner-MediaTek, Inc.

CVSS Score-7.5||HIGH

EPSS-0.23% / 45.70%

||

7 Day CHG~0.00%

Published-03 Mar, 2025 | 02:25

Updated-22 Apr, 2025 | 13:48

In Modem, there is a possible memory corruption due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01525673; Issue ID: MSV-2747.

CWE ID-CWE-1286

Improper Validation of Syntactic Correctness of Input

CVE-2025-20643

Assigner-MediaTek, Inc.

Assigner-MediaTek, Inc.

CVSS Score-5.7||MEDIUM

EPSS-0.01% / 0.53%

||

7 Day CHG~0.00%

Published-03 Feb, 2025 | 03:24

Updated-04 Feb, 2025 | 15:19

In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2056.

CWE ID-CWE-1295

Debug Messages Revealing Unnecessary Information

CWE ID-CWE-125

Out-of-bounds Read

CVE-2025-20642

Assigner-MediaTek, Inc.

Assigner-MediaTek, Inc.

CVSS Score-6.2||MEDIUM

EPSS-0.01% / 0.85%

||

7 Day CHG~0.00%

Published-03 Feb, 2025 | 03:24

Updated-04 Feb, 2025 | 15:20

In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2057.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2025-20641

Assigner-MediaTek, Inc.

Assigner-MediaTek, Inc.

CVSS Score-7.3||HIGH

EPSS-0.01% / 0.31%

||

7 Day CHG~0.00%

Published-03 Feb, 2025 | 03:24

Updated-04 Feb, 2025 | 15:22

In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2058.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2025-20640

Assigner-MediaTek, Inc.

Assigner-MediaTek, Inc.

CVSS Score-6.2||MEDIUM

EPSS-0.01% / 0.58%

||

7 Day CHG~0.00%

Published-03 Feb, 2025 | 03:24

Updated-04 Feb, 2025 | 15:22

In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2059.

CWE ID-CWE-125

Out-of-bounds Read

CVE-2025-20639

Assigner-MediaTek, Inc.

Assigner-MediaTek, Inc.

CVSS Score-6.2||MEDIUM

EPSS-0.01% / 0.85%

||

7 Day CHG~0.00%

Published-03 Feb, 2025 | 03:24

Updated-04 Feb, 2025 | 15:24

In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2060.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2025-20638

Assigner-MediaTek, Inc.

Assigner-MediaTek, Inc.

CVSS Score-4.6||MEDIUM

EPSS-0.01% / 0.58%

||

7 Day CHG~0.00%

Published-03 Feb, 2025 | 03:23

Updated-03 Feb, 2025 | 19:40

In DA, there is a possible read of uninitialized heap data due to uninitialized data. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291449; Issue ID: MSV-2066.

CWE ID-CWE-457

Use of Uninitialized Variable

CWE ID-CWE-908

Use of Uninitialized Resource

CVE-2024-20142

Assigner-MediaTek, Inc.

Assigner-MediaTek, Inc.

CVSS Score-6.2||MEDIUM

EPSS-0.01% / 0.85%

||

7 Day CHG~0.00%

Published-03 Feb, 2025 | 03:23

Updated-03 Feb, 2025 | 18:15

In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291406; Issue ID: MSV-2070.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-20141

Assigner-MediaTek, Inc.

Assigner-MediaTek, Inc.

CVSS Score-6.8||MEDIUM

EPSS-0.01% / 0.85%

||

7 Day CHG~0.00%

Published-03 Feb, 2025 | 03:23

Updated-03 Feb, 2025 | 19:37

In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291402; Issue ID: MSV-2073.

CWE ID-CWE-123

Write-what-where Condition

CWE ID-CWE-787

Out-of-bounds Write

CVE-2025-20636

Assigner-MediaTek, Inc.

Assigner-MediaTek, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.01% / 0.44%

||

7 Day CHG~0.00%

Published-03 Feb, 2025 | 03:23

Updated-19 Mar, 2025 | 18:15

In secmem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09403554; Issue ID: MSV-2431.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-20150

Assigner-MediaTek, Inc.

Product-mt6769 mt6989 mt6877t mt6855 lr13 mt6990 mt6873 mt6880t mt6983t mt6895tt lr12a mt8788e mt8676 mt8797 mt6833p mt8666 mt6785t mt6789 mt6985 mt6980d mt6785u mt8863 mt8675 mt6899 nr15 nr17 mt6853t mt6785 mt6877 mt6769z mt8765 mt8786 mt6991 mt6893 mt6783 mt6980 mt6891 mt8673 mt8788 mt8791t mt6877tt mt6883 mt6767 mt6769s mt2737 mt8771 mt6985t mt6885 mt6875t mt6875 mt6889 mt6768 mt6880u mt6769t mt8789 mt6886 mt8678 mt6897 mt8768 mt6835t mt6878 mt6880 mt2735 mt6989t mt8766 mt8798 mt6878m mt6855t mt6781 mt8795t mt6779 nr16 mt6835 mt6890 mt6896 mt6853 mt6769k mt6895 mt8781 mt6879 MT2735, MT2737, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6880T, MT6880U, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8789, MT8791T, MT8795T, MT8797, MT8798, MT8863

Assigner-MediaTek, Inc.

CVSS Score-7.5||HIGH

EPSS-2.09% / 83.32%

||

7 Day CHG~0.00%

Published-06 Jan, 2025 | 03:17

Updated-22 Apr, 2025 | 13:50

In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01412526; Issue ID: MSV-2018.

Vendor-MediaTek Inc.

CWE ID-CWE-502

Deserialization of Untrusted Data

CVE-2024-20105

Assigner-MediaTek, Inc.

Assigner-MediaTek, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.01% / 0.87%

||

7 Day CHG~0.00%

Published-06 Jan, 2025 | 03:17

Updated-22 Apr, 2025 | 13:49

In m4u, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09062027; Issue ID: MSV-1743.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-20144

Assigner-MediaTek, Inc.

Assigner-MediaTek, Inc.

CVSS Score-6.6||MEDIUM

EPSS-0.01% / 1.46%

||

7 Day CHG~0.00%

Published-06 Jan, 2025 | 03:17

Updated-22 Apr, 2025 | 13:50

In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09167056; Issue ID: MSV-2041.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-20140

Assigner-MediaTek, Inc.

Assigner-MediaTek, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.01% / 0.57%

||

7 Day CHG~0.00%

Published-06 Jan, 2025 | 03:17

Updated-22 Apr, 2025 | 13:49

In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09270402; Issue ID: MSV-2020.

Vendor-The Linux Foundation MediaTek Inc.Google LLC

Product-mt6893 mt8532 mt6885 mt6768 mt8518s mt6739 mt6877 mt6761 mt6853 android mt6781 mt6833 yocto MT6739, MT6761, MT6768, MT6781, MT6833, MT6853, MT6877, MT6885, MT6893, MT8518S, MT8532

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-20135

Assigner-MediaTek, Inc.

Assigner-MediaTek, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.01% / 0.72%

||

7 Day CHG~0.00%

Published-02 Dec, 2024 | 03:07

Updated-22 Apr, 2025 | 13:55

In soundtrigger, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09142526; Issue ID: MSV-1841.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-20130

Assigner-MediaTek, Inc.

Assigner-MediaTek, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.01% / 0.80%

||

7 Day CHG~0.00%

Published-02 Dec, 2024 | 03:07

Updated-22 Apr, 2025 | 13:56

In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09193374; Issue ID: MSV-1982.

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-20127

Assigner-MediaTek, Inc.

Assigner-MediaTek, Inc.

CVSS Score-7.5||HIGH

EPSS-0.21% / 43.63%

||

7 Day CHG~0.00%

Published-02 Dec, 2024 | 03:06

Updated-22 Apr, 2025 | 13:54

In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09289881; Issue ID: MSV-2023.

Product-mt6989 mt8771 mt6885 mt6889 mt6768 mt6855 mt6886 mt8321 mt6873 mt8678 mt6897 mt8766r mt8768 mt6878 mt6833 mt8788e mt8781 mt6739 mt8797 mt6761 mt8666 mt6789 mt6985 mt8766 mt8667 mt8863t mt6580 mt8798 mt6785 mt6877 mt8765 mt8786 mt6781 mt6779 mt6893 mt6765 mt6835 mt8673 mt6896 mt6853 android mt6983 mt6879 mt6883 mt6895 mt8788 mt8791t MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6896, MT6897, MT6983, MT6985, MT6989, MT8321, MT8666, MT8667, MT8673, MT8678, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8791T, MT8797, MT8798, MT8863T mt6896 mt6855 mt6873 mt6893 mt8765 mt8788e mt6580 mt6886 mt8788 mt8791t mt6983 mt8666 mt6878 mt6765 mt6883 mt6835 mt6739 mt8768 mt6761 mt8797 mt6889 mt8321 mt6768 mt8766r mt8781 mt8766 mt8786 mt8678 mt6985 mt6833 mt6885 mt8673 mt8863t mt6989 mt6877 mt6781 mt6853 mt8667 mt6895 mt6789 mt8798 mt6779 mt6897 mt6785 mt8771 mt6879

CWE ID-CWE-125

Out-of-bounds Read

CVE-2024-20128

Assigner-MediaTek, Inc.

Assigner-MediaTek, Inc.

CVSS Score-7.5||HIGH

EPSS-0.21% / 43.63%

||

7 Day CHG~0.00%

Published-02 Dec, 2024 | 03:06

Updated-22 Apr, 2025 | 13:54

In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09289881; Issue ID: MSV-2024.

Product-mt6989 mt8771 mt6885 mt6889 mt6768 mt6855 mt6886 mt8321 mt6873 mt8678 mt6897 mt8766r mt8768 mt6878 mt6833 mt8788e mt8781 mt6739 mt8797 mt6761 mt8666 mt6789 mt6985 mt8766 mt8667 mt8863t mt6580 mt8798 mt6785 mt6877 mt8765 mt8786 mt6781 mt6779 mt6893 mt6765 mt6835 mt8673 mt6896 mt6853 android mt6983 mt6879 mt6883 mt6895 mt8788 mt8791t MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6896, MT6897, MT6983, MT6985, MT6989, MT8321, MT8666, MT8667, MT8673, MT8678, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8791T, MT8797, MT8798, MT8863T mt6896 mt6855 mt6873 mt6893 mt8765 mt8788e mt6580 mt6886 mt8788 mt8791t mt6983 mt8666 mt6878 mt6765 mt6883 mt6835 mt6739 mt8768 mt6761 mt8797 mt6889 mt8321 mt6768 mt8766r mt8781 mt8766 mt8786 mt8678 mt6985 mt6833 mt6885 mt8673 mt8863t mt6989 mt6877 mt6781 mt6853 mt8667 mt6895 mt6789 mt8798 mt6779 mt6897 mt6785 mt8771 mt6879

CWE ID-CWE-125

Out-of-bounds Read

CVE-2024-20129

Assigner-MediaTek, Inc.

Product-mt6886 mt6765 mt8791t mt8678 mt6835 mt8673 mt8667 mt6893 mt6889 mt6789 mt6761 android mt6896 mt8781 mt6781 mt6877 mt8321 mt8798 mt8765 mt6983 mt6855 mt6883 mt6853 mt6779 mt6895 mt6785 mt8863t mt6739 mt8766r mt8788 mt8768 mt6989 mt8797 mt8786 mt6873 mt6580 mt8766 mt8666 mt6833 mt6878 mt6985 mt6768 mt6885 mt8771 mt8788e mt6879 mt6897 MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6896, MT6897, MT6983, MT6985, MT6989, MT8321, MT8666, MT8667, MT8673, MT8678, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8791T, MT8797, MT8798, MT8863T mt6886 mt6765 mt8791t mt8678 mt6835 mt8673 mt8667 mt6893 mt6889 mt6789 mt6761 mt6896 mt8781 mt6781 mt6877 mt8321 mt8798 mt8765 mt6983 mt6855 mt6883 mt6853 mt6779 mt6895 mt6785 mt8863t mt6739 mt8766r mt8788 mt8768 mt6989 mt8797 mt8786 mt6873 mt6580 mt8766 mt8666 mt6833 mt6878 mt6985 mt6768 mt6885 mt8771 mt8788e mt6879 mt6897

Assigner-MediaTek, Inc.

CVSS Score-7.5||HIGH

EPSS-0.21% / 43.63%

||

7 Day CHG~0.00%

Published-02 Dec, 2024 | 03:06

Updated-13 Mar, 2025 | 18:15

In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09289881; Issue ID: MSV-2025.

Vendor-Google LLC MediaTek Inc.

CWE ID-CWE-125

Out-of-bounds Read

CVE-2024-20125

Assigner-MediaTek, Inc.

Assigner-MediaTek, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.01% / 0.75%

||

7 Day CHG~0.00%

Published-02 Dec, 2024 | 03:06

Updated-22 Apr, 2025 | 13:54

In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained System privileges. User interaction is not needed for exploitation. Patch ID: ALPS09046782; Issue ID: MSV-1728.

Product-mt8390 mt8195 mt8370 mt8771 mt6885 mt6889 mt6768 mt8395 mt6855 mt6886 mt8321 mt6873 mt8768 mt6833 mt8365 mt8781 mt8797 mt6761 mt8666 mt6789 mt6985 mt8175 mt8766 mt8667 mt6580 mt8798 mt6785 mt6877 mt8765 mt8786 mt8385 mt6781 mt6779 mt6893 mt6765 mt6835 mt8673 mt6853 android mt6983 mt6879 mt6883 mt6895 mt8788 mt8791t MT6580, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8175, MT8195, MT8321, MT8365, MT8370, MT8385, MT8390, MT8395, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8791T, MT8797, MT8798 mt6855 mt8175 mt6873 mt6893 mt8765 mt6580 mt6886 mt8370 mt8395 mt8788 mt8791t mt6983 mt8666 mt6765 mt6883 mt8390 mt6835 mt8768 mt6761 mt8797 mt6889 mt8321 mt6768 mt8781 mt8766 mt8786 mt6985 mt8385 mt6833 mt6885 mt8673 mt6877 mt6781 mt8365 mt8195 mt6853 mt8667 mt6895 mt6789 mt8798 mt6779 mt6785 mt8771 mt6879

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-38415

Assigner-Qualcomm, Inc.

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 7.56%

||

7 Day CHG~0.00%

Published-04 Nov, 2024 | 10:04

Updated-07 Nov, 2024 | 19:41

Use After Free in Computer Vision

Memory corruption while handling session errors from firmware.

CWE ID-CWE-416

Use After Free

CVE-2024-38410

Assigner-Qualcomm, Inc.

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 7.56%

||

7 Day CHG~0.00%

Published-04 Nov, 2024 | 10:04

Updated-16 Nov, 2024 | 04:55

Stack-based Buffer Overflow in WLAN Windows Host

Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice.

Product-fastconnect_7800 wsa8830 wcd9380_firmware sdm429w qcs6490 qcm6490_firmware wsa8840_firmware fastconnect_6900 fastconnect_6900_firmware sc8380xp_firmware qcc2073 wsa8840 wsa8835 sdm429w_firmware fastconnect_6700_firmware wcd9380 fastconnect_7800_firmware wsa8845h fastconnect_6700 video_collaboration_vc3_platform snapdragon_8cx_gen_3_compute_platform wcd9370 qcm5430 qcs5430 qcm5430_firmware wcd9385 video_collaboration_vc3_platform_firmware qcs6490_firmware qcc2076_firmware qcs5430_firmware wcd9385_firmware wsa8845 qcc2073_firmware wcd9375 wcd9370_firmware wcn3660b wsa8830_firmware qcc2076 wsa8845_firmware wcn3620_firmware qcm6490 wcn3660b_firmware wsa8835_firmware wcn3620 snapdragon_429_mobile_platform_firmware sc8380xp wsa8845h_firmware wcd9375_firmware snapdragon_429_mobile_platform snapdragon_8cx_gen_3_compute_platform_firmware Snapdragon qcm5430_firmware wcd9380_firmware qcs6490_firmware qcm6490_firmware qcc2076_firmware wsa8840_firmware qcs5430_firmware qualcomm_video_collaboration_vc3_platform_firmware wcd9385_firmware fastconnect_6900_firmware qcc2073_firmware wcd9370_firmware sc8380xp_firmware wsa8830_firmware wsa8845_firmware wcn3620_firmware sdm429w_firmware fastconnect_6700_firmware wcn3660b_firmware wsa8835_firmware snapdragon_429_mobile_platform_firmware fastconnect_7800_firmware wcd9375_firmware wsa8845h_firmware

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-38409

Assigner-Qualcomm, Inc.

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.03% / 7.56%

||

7 Day CHG~0.00%

Published-04 Nov, 2024 | 10:04

Updated-16 Nov, 2024 | 04:55

Buffer Copy Without Checking Size of Input in WLAN Windows Host

Memory corruption while station LL statistic handling.

Product-fastconnect_7800 wsa8830 wcd9380_firmware sdm429w qcs6490 qcm6490_firmware wsa8840_firmware fastconnect_6900 fastconnect_6900_firmware sc8380xp_firmware qcc2073 wsa8840 wsa8835 sdm429w_firmware fastconnect_6700_firmware wcd9380 fastconnect_7800_firmware wsa8845h fastconnect_6700 video_collaboration_vc3_platform snapdragon_8cx_gen_3_compute_platform wcd9370 qcm5430 qcs5430 qcm5430_firmware wcd9385 video_collaboration_vc3_platform_firmware qcs6490_firmware qcc2076_firmware qcs5430_firmware wcd9385_firmware wsa8845 qcc2073_firmware wcd9375 wcd9370_firmware wcn3660b wsa8830_firmware qcc2076 wsa8845_firmware wcn3620_firmware qcm6490 wcn3660b_firmware wsa8835_firmware wcn3620 snapdragon_429_mobile_platform_firmware sc8380xp wsa8845h_firmware wcd9375_firmware snapdragon_429_mobile_platform snapdragon_8cx_gen_3_compute_platform_firmware Snapdragon qcm5430_firmware wcd9380_firmware qcs6490_firmware qcm6490_firmware qcc2076_firmware wsa8840_firmware qcs5430_firmware qualcomm_video_collaboration_vc3_platform_firmware wcd9385_firmware fastconnect_6900_firmware qcc2073_firmware wcd9370_firmware sc8380xp_firmware wsa8830_firmware wsa8845_firmware wcn3620_firmware sdm429w_firmware fastconnect_6700_firmware wcn3660b_firmware wsa8835_firmware snapdragon_429_mobile_platform_firmware fastconnect_7800_firmware wcd9375_firmware wsa8845h_firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2024-38408

Assigner-Qualcomm, Inc.

Assigner-Qualcomm, Inc.

CVSS Score-8.2||HIGH

EPSS-0.07% / 22.94%

||

7 Day CHG+0.01%

Published-04 Nov, 2024 | 10:04

Updated-08 Nov, 2024 | 15:07

Cryptographic Issues in BT Controller

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

CWE ID-CWE-310

Not Available

CVE-2024-38407

Assigner-Qualcomm, Inc.

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 3.28%

||

7 Day CHG~0.00%

Published-04 Nov, 2024 | 10:04

Updated-16 Nov, 2024 | 04:55

Time-of-check Time-of-use (TOCTOU) Race Condition in Camera

Memory corruption while processing input parameters for any IOCTL call in the JPEG Encoder driver.

CWE ID-CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

CVE-2024-38406

Assigner-Qualcomm, Inc.

Assigner-Qualcomm, Inc.

CVSS Score-7.8||HIGH

EPSS-0.02% / 3.28%

||

7 Day CHG~0.00%

Published-04 Nov, 2024 | 10:04

Updated-16 Nov, 2024 | 04:55

Time-of-check Time-of-use (TOCTOU) Race Condition in Camera

Memory corruption while handling IOCTL calls in JPEG Encoder driver.

Product-wsa8830 wcd9380_firmware snapdragon_8c_compute_platform_\(sc8180x-ad\)_\"poipu_lite\"sdm429w snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-aa\,_ab\)_firmware snapdragon_8cx_compute_platform_\(sc8180x-aa\,_ab\)snapdragon_7c_gen_2_compute_platform_\(sc7180-ad\)_\"rennell_pro\"_firmware fastconnect_6800 snapdragon_8cx_compute_platform_\(sc8180xp-ac\,_af\)_\"poipu_pro\"wsa8840 wsa8835 sdm429w_firmware snapdragon_7c\+_gen_3_compute sc8180x\+sdx55 wcd9380 qca6420_firmware fastconnect_6700 video_collaboration_vc3_platform wcd9370 snapdragon_8c_compute_platform_\(sc8180xp-ad\)_\"poipu_lite\"qcm5430_firmware video_collaboration_vc3_platform_firmware snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-ac\,_af\)_\"poipu_pro\"_firmware qca6430_firmware snapdragon_8cx_compute_platform_\(sc8180x-aa\,_ab\)_firmware wcd9385_firmware wsa8845 snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\,_bb\)fastconnect_6200 wcd9340_firmware wcn3660b wsa8815 wsa8845_firmware snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-ac\,_af\)_\"poipu_pro\"wcn3660b_firmware snapdragon_429_mobile_platform_firmware sc8380xp fastconnect_6200_firmware wsa8845h_firmware wcd9375_firmware qca6391 qca6420 snapdragon_429_mobile_platform fastconnect_7800 snapdragon_7c_compute_platform_firmware aqt1000_firmware qcs6490 qcm6490_firmware wsa8840_firmware snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-aa\,_ab\)fastconnect_6900 fastconnect_6900_firmware sc8380xp_firmware snapdragon_8cx_compute_platform_\(sc8180xp-ac\,_af\)_\"poipu_pro\"_firmware qca6430 sm6250 wcd9340 fastconnect_6700_firmware wsa8810_firmware wcd9341_firmware fastconnect_7800_firmware wsa8810 wsa8845h qcm5430 qcs5430 wcd9385 wcd9341 snapdragon_8c_compute_platform_\(sc8180x-ad\)_\"poipu_lite\"_firmware snapdragon_7c_gen_2_compute_platform_\(sc7180-ad\)_\"rennell_pro\"qcs6490_firmware qcs5430_firmware qca6391_firmware wcd9375 wcd9370_firmware aqt1000 snapdragon_8c_compute_platform_\(sc8180xp-ad\)_\"poipu_lite\"_firmware sm6250_firmware sc8180x\+sdx55_firmware wsa8830_firmware wcn3620_firmware snapdragon_7c\+_gen_3_compute_firmware wsa8815_firmware qcm6490 wsa8835_firmware wcn3620 snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\,_bb\)_firmware fastconnect_6800_firmware snapdragon_7c_compute_platform Snapdragon aqt1000_firmware wcd9380_firmware qcm6490_firmware wsa8840_firmware fastconnect_6900_firmware sc8380xp_firmware sdm429w_firmware fastconnect_6700_firmware wsa8810_firmware wcd9341_firmware fastconnect_7800_firmware qca6420_firmware qcm5430_firmware qca6430_firmware qcs6490_firmware qcs5430_firmware qualcomm_video_collaboration_vc3_platform_firmware qca6391_firmware wcd9385_firmware wcd9370_firmware wcd9340_firmware sm6250_firmware wsa8830_firmware wsa8845_firmware wcn3620_firmware wsa8815_firmware wcn3660b_firmware wsa8835_firmware snapdragon_429_mobile_platform_firmware fastconnect_6200_firmware wcd9375_firmware wsa8845h_firmware fastconnect_6800_firmware

CWE ID-CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

CVE-2024-38405

Assigner-Qualcomm, Inc.

Assigner-Qualcomm, Inc.

CVSS Score-7.5||HIGH

EPSS-0.16% / 37.67%

||

7 Day CHG+0.01%

Published-04 Nov, 2024 | 10:04

Updated-07 Nov, 2024 | 20:06

Buffer Over-read in WLAN Host

Transient DOS while processing the CU information from RNR IE.

CWE ID-CWE-126

Buffer Over-read

CWE ID-CWE-125

Out-of-bounds Read

CVE-2024-38403

Assigner-Qualcomm, Inc.

Assigner-Qualcomm, Inc.

CVSS Score-7.5||HIGH

EPSS-0.21% / 43.46%

||

7 Day CHG+0.02%

Published-04 Nov, 2024 | 10:04

Updated-07 Nov, 2024 | 20:06

Buffer Over-read in WLAN Firmware

Transient DOS while parsing BTM ML IE when per STA profile is not included.

CWE ID-CWE-126

Buffer Over-read

CWE ID-CWE-125

Out-of-bounds Read

CVE-2024-33068

Assigner-Qualcomm, Inc.

Assigner-Qualcomm, Inc.

CVSS Score-7.5||HIGH

EPSS-0.21% / 43.46%

||

7 Day CHG+0.02%

Published-04 Nov, 2024 | 10:04

Updated-07 Nov, 2024 | 20:07

Use After Free in WLAN Host Communication

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

CWE ID-CWE-416

Use After Free

CVE-2024-33033

Assigner-Qualcomm, Inc.

Assigner-Qualcomm, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.03% / 5.12%

||

7 Day CHG~0.00%

Published-04 Nov, 2024 | 10:04

Updated-08 Nov, 2024 | 04:55

Use After Free in ComputerVision

Memory corruption while processing IOCTL calls to unmap the buffers.

Product-fastconnect_7800 wsa8830 wcd9380_firmware sm7550 qcm8550_firmware wcd9378_firmware wcn6650_firmware wsa8840_firmware wsa8832_firmware fastconnect_6900 sg8275p_firmware qcm8550 fastconnect_6900_firmware qcs8550_firmware wcn6650 sg8275_firmware wcn7880_firmware sm7525 wsa8840 wsa8835 snapdragon_8\+_gen_2_mobile_platform_firmware wcd9380 wcn6755_firmware snapdragon_8\+_gen_2_mobile_platform fastconnect_7800_firmware wsa8845h wsa8832 wcn6755 wcd9395_firmware wcd9370 sm8550p sm7525_firmware snapdragon_8_gen_2_mobile_platform_firmware wcd9385 sg8275p snapdragon_8_gen_2_mobile_platform wcd9395 wcd9371 wcd9371_firmware wcd9385_firmware wsa8845 qcs8550 wcd9375 wcd9370_firmware sm8550p_firmware wcd9390 wcd9390_firmware wsa8830_firmware wsa8845_firmware sm7550_firmware wsa8835_firmware sg8275 wsa8845h_firmware wcd9375_firmware wcd9378 wcn7880 Snapdragon sm7525_firmware wcd9380_firmware qcm8550_firmware wcd9378_firmware wcn6650_firmware wsa8832_firmware wsa8840_firmware wcd9371_firmware sg8275p_firmware wcd9385_firmware fastconnect_6900_firmware qcs8550_firmware wcd9370_firmware sm8550p_firmware sg8275_firmware wcd9390_firmware wcn7880_firmware wsa8830_firmware wsa8845_firmware sm7550_firmware wsa8835_firmware fastconnect_7800_firmware wcn6755_firmware wcd9375_firmware wsa8845h_firmware wcd9395_firmware snapdragon_8_gen_2_mobile_platform_firmware

CWE ID-CWE-416

Use After Free

CVE-2024-33032

Assigner-Qualcomm, Inc.

Assigner-Qualcomm, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.03% / 6.03%

||

7 Day CHG~0.00%

Published-04 Nov, 2024 | 10:04

Updated-08 Nov, 2024 | 04:55

Improper Validation of Array Index in Camera_Linux

Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it.

CWE ID-CWE-129

Improper Validation of Array Index

CVE-2024-33031

Assigner-Qualcomm, Inc.

Assigner-Qualcomm, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.03% / 7.19%

||

7 Day CHG-0.00%

Published-04 Nov, 2024 | 10:04

Updated-16 Nov, 2024 | 04:55

Improper Input Validation in RIL

Memory corruption while processing the update SIM PB records request.

Product-fastconnect_7800 qca8337_firmware snapdragon_x72_5g_modem-rf_system qcn6274_firmware sdm429w qca8337 snapdragon_x75_5g_modem-rf_system_firmware qfw7124 qcn6224_firmware sdm429w_firmware wcd9340 qcn6274 qcn6224 fastconnect_7800_firmware snapdragon_x72_5g_modem-rf_system_firmware snapdragon_x75_5g_modem-rf_system qca8081 qcc710 qfw7114_firmware ar8035 wcd9340_firmware wcn3660b qcc710_firmware wcn3620_firmware wcn3660b_firmware wcn3620 snapdragon_429_mobile_platform_firmware qca8081_firmware qfw7124_firmware qfw7114 snapdragon_429_mobile_platform ar8035_firmware Snapdragon qca8337_firmware qcn6274_firmware qfw7114_firmware snapdragon_x75_5g_modem-rf_system_firmware wcd9340_firmware qcc710_firmware qcn6224_firmware wcn3620_firmware sdm429w_firmware wcn3660b_firmware snapdragon_429_mobile_platform_firmware fastconnect_7800_firmware qca8081_firmware snapdragon_x72_5g_modem-rf_system_firmware qfw7124_firmware ar8035_firmware

CWE ID-CWE-20

Improper Input Validation

CVE-2024-33030

Assigner-Qualcomm, Inc.

Assigner-Qualcomm, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.03% / 6.03%

||

7 Day CHG~0.00%

Published-04 Nov, 2024 | 10:04

Updated-08 Nov, 2024 | 04:55

Buffer Copy without Checking Size of Input (`Classic Buffer Overflow`) in Performance

Memory corruption while parsing IPC frequency table parameters for LPLH that has size greater than expected size.

Product-fastconnect_7800 qca9377_firmware snapdragon_8_gen_1_mobile_platform qca6584au wcd9380_firmware wsa8830 qca9367_firmware qca8337_firmware snapdragon_x72_5g_modem-rf_system qcn6274_firmware qca8337 qca6698aq snapdragon_x75_5g_modem-rf_system_firmware qfw7124 qca9367 fastconnect_6900_firmware fastconnect_6900 qcn6224_firmware wsa8835 wcd9340 wcd9380 qcn6274 qcn6224 fastconnect_7800_firmware snapdragon_x72_5g_modem-rf_system_firmware snapdragon_x75_5g_modem-rf_system snapdragon_8_gen_1_mobile_platform_firmware qca8081 snapdragon_auto_5g_modem-rf_gen_2 qca6698aq_firmware snapdragon_auto_5g_modem-rf_gen_2_firmware qcc710 qca6584au_firmware qca9377 qfw7114_firmware ar8035 wcd9340_firmware qcc710_firmware wsa8830_firmware wsa8835_firmware qca8081_firmware qfw7124_firmware qfw7114 ar8035_firmware Snapdragon qca9377_firmware qca8337_firmware qca9367_firmware wcd9380_firmware snapdragon_auto_5g_modem-rf_gen_2_firmware qca6584au_firmware qcn6274_firmware qfw7114_firmware snapdragon_x75_5g_modem-rf_system_firmware fastconnect_6900_firmware wcd9340_firmware qcc710_firmware qcn6224_firmware wsa8830_firmware wsa8835_firmware fastconnect_7800_firmware snapdragon_x72_5g_modem-rf_system_firmware qca8081_firmware qfw7124_firmware snapdragon_8_gen_1_mobile_platform_firmware ar8035_firmware qca6698aq_firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2024-33029

Assigner-Qualcomm, Inc.

Assigner-Qualcomm, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.03% / 6.03%

||

7 Day CHG~0.00%

Published-04 Nov, 2024 | 10:04

Updated-08 Nov, 2024 | 04:55

Use After Free in DSP Services

Memory corruption while handling the PDR in driver for getting the remote heap maps.

Product-qca6584au snapdragon_auto_5g_modem-rf_gen_2_firmware qca6584au_firmware snapdragon_auto_5g_modem-rf_gen_2 qca6698aq qca6698aq_firmware Snapdragon qca6584au_firmware qca6698aq_firmware snapdragon_auto_5g_modem-rf_gen_2_firmware

CWE ID-CWE-416

Use After Free

CVE-2024-23386

Assigner-Qualcomm, Inc.

Assigner-Qualcomm, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.03% / 7.19%

||

7 Day CHG-0.00%

Published-04 Nov, 2024 | 10:04

Updated-16 Nov, 2024 | 04:55

Improper Input Validation in Video

memory corruption when WiFi display APIs are invoked with large random inputs.

CWE ID-CWE-20

Improper Input Validation

CVE-2024-23385

Assigner-Qualcomm, Inc.

Assigner-Qualcomm, Inc.

CVSS Score-7.5||HIGH

EPSS-0.07% / 20.97%

||

7 Day CHG+0.01%

Published-04 Nov, 2024 | 10:04

Updated-07 Nov, 2024 | 20:05

Reachable Assertion in Modem

Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE.

CWE ID-CWE-617

Reachable Assertion

CVE-2024-23377

Assigner-Qualcomm, Inc.

Assigner-Qualcomm, Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.03% / 6.03%

||

7 Day CHG~0.00%

Published-04 Nov, 2024 | 10:04

Updated-08 Nov, 2024 | 04:55

Use of Out-of-range Pointer Offset in ComputerVision

Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver.

Product-wsa8830 sm7550 wcd9380_firmware ssg2125p sxr2230p_firmware wcd9378_firmware sg8275p_firmware qcm8550 qcs7230_firmware sm7525 wsa8840 wsa8835 sxr1230p_firmware snapdragon_8\+_gen_2_mobile_platform_firmware sd_8_gen1_5g wcd9380 wcn6755_firmware wcd9370 ssg2125p_firmware ssg2115p wcn7880 sxr1230p sg8275p snapdragon_8_gen_2_mobile_platform wcd9371_firmware wcd9385_firmware wsa8845 sd_8_gen1_5g_firmware sxr2230p wsa8845_firmware sm7550_firmware qcs8250 wsa8845h_firmware wcd9375_firmware qca6391 fastconnect_7800 qcm8550_firmware wcn6650_firmware wsa8840_firmware wsa8832_firmware fastconnect_6900 video_collaboration_vc5_platform fastconnect_6900_firmware qcs8550_firmware wcn6650 sg8275_firmware wcn7880_firmware qcs8250_firmware snapdragon_8\+_gen_2_mobile_platform fastconnect_7800_firmware wsa8845h wcn6755 wcd9395_firmware snapdragon_ar2_gen_1_platform_firmware wsa8832 qcs7230 sm8550p snapdragon_ar2_gen_1_platform sm7525_firmware sxr2250p wcd9385 wcd9371 wcd9395 qca6391_firmware qcs8550 wcd9375 wcd9370_firmware sm8550p_firmware wcd9390 wcd9390_firmware wsa8830_firmware wsa8835_firmware sg8275 video_collaboration_vc5_platform_firmware ssg2115p_firmware wcd9378 sxr2250p_firmware snapdragon_8_gen_2_mobile_platform_firmware Snapdragon wcd9380_firmware qcm8550_firmware sxr2230p_firmware wcd9378_firmware wcn6650_firmware wsa8832_firmware wsa8840_firmware sg8275p_firmware fastconnect_6900_firmware qcs8550_firmware qcs7230_firmware sg8275_firmware wcn7880_firmware sxr1230p_firmware qcs8250_firmware fastconnect_7800_firmware wcn6755_firmware snapdragon_ar2_gen_1_platform_firmware wcd9395_firmware ssg2125p_firmware sm7525_firmware wcd9371_firmware qca6391_firmware wcd9385_firmware wcd9370_firmware sm8550p_firmware sd_8_gen1_5g_firmware qualcomm_video_collaboration_vc5_platform_firmware wcd9390_firmware wsa8830_firmware wsa8845_firmware sm7550_firmware wsa8835_firmware ssg2115p_firmware wcd9375_firmware wsa8845h_firmware sxr2250p_firmware snapdragon_8_gen_2_mobile_platform_firmware

CWE ID-CWE-823

Use of Out-of-range Pointer Offset

CVE-2024-23590

Assigner-Apache Software Foundation

Assigner-Apache Software Foundation

CVSS Score-9.1||CRITICAL

EPSS-0.41% / 60.69%

||

7 Day CHG+0.11%

Published-04 Nov, 2024 | 09:27

Updated-10 Jul, 2025 | 21:41

Apache Kylin: Session fixation in web interface

Session Fixation vulnerability in Apache Kylin. This issue affects Apache Kylin: from 2.0.0 through 4.x. Users are recommended to upgrade to version 5.0.0 or above, which fixes the issue.

Vendor-apache_software_foundation The Apache Software Foundation

Product-kylin Apache Kylin apache_kylin

CWE ID-CWE-384

Session Fixation

CVE-2024-10760

Assigner-VulDB