CVE-2024-20087

In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08932916; Issue ID: MSV-1550.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
OR cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*

History

05 Sep 2024, 14:26

Type Values Removed Values Added
References () https://corp.mediatek.com/product-security-bulletin/September-2024 - () https://corp.mediatek.com/product-security-bulletin/September-2024 - Vendor Advisory
CVSS v2 : unknown
v3 : 7.8
v2 : unknown
v3 : 6.7
First Time Mediatek mt8667
Mediatek mt8385
Mediatek mt8666
Mediatek mt8789
Mediatek mt6785
Google android
Mediatek mt8768
Mediatek mt8781
Mediatek mt6768
Google
Mediatek mt8788
Mediatek
Mediatek mt8766
Mediatek mt6765
Mediatek mt6779
CPE cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*

03 Sep 2024, 15:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8

03 Sep 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) En vdec, existe una posible escritura fuera de los límites debido a una verificación de los límites faltante. Esto podría provocar una escalada local de privilegios, siendo necesarios los privilegios de ejecución de System. No se necesita interacción del usuario para la explotación. ID de parche: ALPS08932916; ID de problema: MSV-1550.

02 Sep 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-02 05:15

Updated : 2024-09-05 14:26


NVD link : CVE-2024-20087

Mitre link : CVE-2024-20087

CVE.ORG link : CVE-2024-20087


JSON object : View

Products Affected

mediatek

  • mt6768
  • mt8788
  • mt8789
  • mt8766
  • mt8666
  • mt8385
  • mt8667
  • mt8781
  • mt6779
  • mt6785
  • mt6765
  • mt8768

google

  • android
CWE
CWE-787

Out-of-bounds Write