CVE-2024-20102

In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998892; Issue ID: MSV-1601.
References
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
OR cpe:2.3:h:mediatek:mt3605:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7927:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8893:-:*:*:*:*:*:*:*

History

10 Oct 2024, 18:20

Type Values Removed Values Added
CPE cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7927:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt3605:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8893:-:*:*:*:*:*:*:*
First Time Google
Mediatek
Mediatek mt6989
Mediatek mt8678
Mediatek mt6990
Mediatek mt7927
Mediatek mt6985
Mediatek mt3605
Google android
Mediatek mt8893
Mediatek mt8796
Summary
  • (es) En el controlador WLAN, existe una posible lectura fuera de los límites debido a una validación de entrada incorrecta. Esto podría provocar la divulgación de información remota con privilegios de ejecución de System necesarios. No se necesita interacción del usuario para la explotación. ID de parche: ALPS08998892; ID de problema: MSV-1601.
References () https://corp.mediatek.com/product-security-bulletin/October-2024 - () https://corp.mediatek.com/product-security-bulletin/October-2024 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.9

07 Oct 2024, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-07 03:15

Updated : 2024-10-10 18:20


NVD link : CVE-2024-20102

Mitre link : CVE-2024-20102

CVE.ORG link : CVE-2024-20102


JSON object : View

Products Affected

google

  • android

mediatek

  • mt8796
  • mt6985
  • mt3605
  • mt8678
  • mt8893
  • mt6989
  • mt7927
  • mt6990
CWE
CWE-125

Out-of-bounds Read