CVE-2024-20104

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-20104
In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09073261; Issue ID: MSV-1772.

8.4 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://corp.mediatek.com/product-security-bulletin/November-2024 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*
cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*
cpe:2.3:a:rdkcentral:rdk-b:2024q1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:23.05:*:*:*:*:*:*:*
OR cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*
History

24 Apr 2025, 15:05

Type Values Removed Values Added
First Time Mediatek mt6985
Openwrt
Mediatek mt8370
Mediatek mt6880
Mediatek mt6895
Mediatek mt6789
Mediatek mt8676
Google
Rdkcentral
Linuxfoundation yocto
Mediatek mt6989
Mediatek mt6897
Openwrt openwrt
Mediatek mt6983
Mediatek mt6879
Rdkcentral rdk-b
Google android
Mediatek mt6990
Mediatek mt8390
Mediatek
Mediatek mt6781
Mediatek mt6855
Mediatek mt6890
Mediatek mt8188
Mediatek mt6886
Mediatek mt6835
Mediatek mt6980
Mediatek mt6878
Linuxfoundation
CPE cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:23.05:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
cpe:2.3:a:rdkcentral:rdk-b:2024q1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*
Summary
  • (es) En da, existe una posible escritura fuera de los límites debido a una verificación de los límites faltante. Esto podría provocar una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. Se necesita la interacción del usuario para la explotación. ID de parche: ALPS09073261; ID de problema: MSV-1772.
References () https://corp.mediatek.com/product-security-bulletin/November-2024 - () https://corp.mediatek.com/product-security-bulletin/November-2024 - Vendor Advisory

04 Nov 2024, 11:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.4

04 Nov 2024, 02:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-04 02:15

Updated : 2025-04-24 15:05

NVD link : CVE-2024-20104

Mitre link : CVE-2024-20104

CVE.ORG link : CVE-2024-20104

JSON object : View

Products Affected

mediatek

  • mt6980
  • mt6990
  • mt6855
  • mt8390
  • mt6983
  • mt8676
  • mt6989
  • mt6789
  • mt6781
  • mt6895
  • mt6879
  • mt6985
  • mt8188
  • mt6835
  • mt6886
  • mt6880
  • mt6890
  • mt6878
  • mt8370
  • mt6897

google

  • android

linuxfoundation

  • yocto

openwrt

  • openwrt

rdkcentral

  • rdk-b
CWE
CWE-787

Out-of-bounds Write