In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932916; Issue ID: MSV-1550.
References
Link | Resource |
---|---|
https://corp.mediatek.com/product-security-bulletin/September-2024 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
05 Sep 2024, 14:26
Type | Values Removed | Values Added |
---|---|---|
References | () https://corp.mediatek.com/product-security-bulletin/September-2024 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.7 |
First Time |
Mediatek mt8667
Mediatek mt8385 Mediatek mt8666 Mediatek mt8789 Mediatek mt6785 Google android Mediatek mt8768 Mediatek mt8781 Mediatek mt6768 Mediatek mt8788 Mediatek Mediatek mt8766 Mediatek mt6765 Mediatek mt6779 |
|
CPE | cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:* cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:* |
03 Sep 2024, 15:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
03 Sep 2024, 12:59
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
02 Sep 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-02 05:15
Updated : 2024-09-05 14:26
NVD link : CVE-2024-20087
Mitre link : CVE-2024-20087
CVE.ORG link : CVE-2024-20087
JSON object : View
Products Affected
mediatek
- mt8768
- mt8385
- mt6768
- mt8667
- mt8788
- mt6765
- mt6785
- mt6779
- mt8766
- mt8789
- mt8666
- mt8781
- android
CWE
CWE-787
Out-of-bounds Write