CVE-2024-20147

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-20147
In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389046 (Note: For MT79XX chipsets) / ALPS09136501 (Note: For MT2737, MT3603, MT6XXX, and MT8XXX chipsets); Issue ID: MSV-1797.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://corp.mediatek.com/product-security-bulletin/February-2025 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:yocto:5.0:*:*:*:*:*:*:*
cpe:2.3:a:mediatek:software_development_kit:*:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:23.05:*:*:*:*:*:*:*
OR cpe:2.3:h:mediatek:mt2737:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt3603:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7902:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7920:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7921:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7922:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7925:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7927:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8518s:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*
History

22 Apr 2025, 13:50

Type Values Removed Values Added
Summary
  • (es) En Bluetooth FW, existe una posible afirmación de accesibilidad debido a una gestión inadecuada de excepciones. Esto podría provocar una denegación de servicio remota sin necesidad de privilegios de ejecución adicionales. No se necesita interacción del usuario para la explotación. ID de parche: WCNCR00389046 (Nota: para conjuntos de chips MT79XX) / ALPS09136501 (Nota: para conjuntos de chips MT2737, MT3603, MT6XXX y MT8XXX); ID de problema: MSV-1797.
First Time Mediatek mt6985
Mediatek mt7922
Openwrt
Mediatek mt8370
Mediatek mt7902
Mediatek mt8518s
Mediatek mt7920
Google
Linuxfoundation yocto
Mediatek mt7927
Mediatek mt8395
Mediatek software Development Kit
Mediatek mt8532
Mediatek mt6989
Mediatek mt6897
Openwrt openwrt
Google android
Mediatek mt6990
Mediatek mt8390
Mediatek mt7921
Mediatek
Mediatek mt2737
Mediatek mt8678
Mediatek mt8195
Mediatek mt6886
Mediatek mt6835
Mediatek mt7925
Mediatek mt3603
Mediatek mt6878
Linuxfoundation
References () https://corp.mediatek.com/product-security-bulletin/February-2025 - () https://corp.mediatek.com/product-security-bulletin/February-2025 - Vendor Advisory
CPE cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt3603:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7927:-:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:yocto:5.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:23.05:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7922:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7902:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7921:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
cpe:2.3:a:mediatek:software_development_kit:*:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt2737:-:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7920:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8518s:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7925:-:*:*:*:*:*:*:*

03 Feb 2025, 17:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.3

03 Feb 2025, 04:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-02-03 04:15

Updated : 2025-04-22 13:50

NVD link : CVE-2024-20147

Mitre link : CVE-2024-20147

CVE.ORG link : CVE-2024-20147

JSON object : View

Products Affected

mediatek

  • mt6897
  • mt6990
  • mt6886
  • mt7921
  • mt6878
  • mt8195
  • mt8518s
  • mt6989
  • mt7902
  • mt6835
  • mt7927
  • mt8370
  • mt8395
  • mt7922
  • mt7920
  • mt2737
  • mt6985
  • mt8390
  • mt8532
  • mt8678
  • software_development_kit
  • mt3603
  • mt7925

google

  • android

openwrt

  • openwrt

linuxfoundation

  • yocto
CWE
CWE-617

Reachable Assertion