CVE-2024-20036 - Vulnerability Details

Vendors	Products
Mediatek	Mt6835 Mt6855 Mt6879 Mt6886 Mt6895 Mt6983 Mt6985 Mt8792 Mt8796 Mt8798

Link	Providers
https://corp.mediatek.com/product-security-bulletin/March-2024

Type	Values Removed	Values Added
First Time appeared		Mediatek Mediatek mt6835 Mediatek mt6855 Mediatek mt6879 Mediatek mt6886 Mediatek mt6895 Mediatek mt6983 Mediatek mt6985 Mediatek mt8792 Mediatek mt8796 Mediatek mt8798
CPEs		cpe:2.3:h:mediatek:mt6835:-:::::::* cpe:2.3:h:mediatek:mt6855:-:::::::* cpe:2.3:h:mediatek:mt6879:-:::::::* cpe:2.3:h:mediatek:mt6886:-:::::::* cpe:2.3:h:mediatek:mt6895:-:::::::* cpe:2.3:h:mediatek:mt6983:-:::::::* cpe:2.3:h:mediatek:mt6985:-:::::::* cpe:2.3:h:mediatek:mt8792:-:::::::* cpe:2.3:h:mediatek:mt8796:-:::::::* cpe:2.3:h:mediatek:mt8798:-:::::::*
Vendors & Products		Mediatek Mediatek mt6835 Mediatek mt6855 Mediatek mt6879 Mediatek mt6886 Mediatek mt6895 Mediatek mt6983 Mediatek mt6985 Mediatek mt8792 Mediatek mt8796 Mediatek mt8798
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Weaknesses		CWE-284

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-20036", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "state": "PUBLISHED", "assignerShortName": "MediaTek", "dateReserved": "2023-11-02T13:35:35.153Z", "datePublished": "2024-03-04T02:43:51.821Z", "dateUpdated": "2025-03-20T19:08:25.591Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", "dateUpdated": "2024-03-04T02:43:51.821Z"}, "descriptions": [{"lang": "en", "value": "In vdec, there is a possible permission bypass due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08509508; Issue ID: ALPS08509508."}], "affected": [{"vendor": "MediaTek, Inc.", "product": "MT6835, MT6855, MT6879, MT6886, MT6895, MT6983, MT6985, MT8792, MT8796, MT8798", "versions": [{"version": "Android 12.0, 13.0, 14.0", "status": "affected"}]}], "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/March-2024"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Information Disclosure"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:52:31.630Z"}, "title": "CVE Program Container", "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/March-2024", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "affected": [{"vendor": "mediatek", "product": "mt6835", "cpes": ["cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "mediatek", "product": "mt6855", "cpes": ["cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "mediatek", "product": "mt6879", "cpes": ["cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "mediatek", "product": "mt6886", "cpes": ["cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "mediatek", "product": "mt6895", "cpes": ["cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "mediatek", "product": "mt6983", "cpes": ["cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "mediatek", "product": "mt6985", "cpes": ["cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "mediatek", "product": "mt8792", "cpes": ["cpe:2.3:h:mediatek:mt8792:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "mediatek", "product": "mt8796", "cpes": ["cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "mediatek", "product": "mt8798", "cpes": ["cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-26T20:55:14.066652Z", "id": "CVE-2024-20036", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T19:08:25.591Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2024-20036 (string)

assignerOrgId : ee979b05-11f8-4f25-a7e0-a1fa9c190374 (string)

state : PUBLISHED (string)

assignerShortName : MediaTek (string)

dateReserved : 2023-11-02T13:35:35.153Z (string)

datePublished : 2024-03-04T02:43:51.821Z (string)

dateUpdated : 2025-03-20T19:08:25.591Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : ee979b05-11f8-4f25-a7e0-a1fa9c190374 (string)

shortName : MediaTek (string)

dateUpdated : 2024-03-04T02:43:51.821Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In vdec, there is a possible permission bypass due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08509508; Issue ID: ALPS08509508. (string)

}

]

affected : [ »

0 : { »

vendor : MediaTek, Inc. (string)

product : MT6835, MT6855, MT6879, MT6886, MT6895, MT6983, MT6985, MT8792, MT8796, MT8798 (string)

versions : [ »

0 : { »

version : Android 12.0, 13.0, 14.0 (string)

status : affected (string)

}

]

}

]

references : [ »

0 : { »

url : https://corp.mediatek.com/product-security-bulletin/March-2024 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : text (string)

lang : en (string)

description : Information Disclosure (string)

}

]

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-01T21:52:31.630Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://corp.mediatek.com/product-security-bulletin/March-2024 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : CWE (string)

cweId : CWE-284 (string)

lang : en (string)

description : CWE-284 Improper Access Control (string)

}

]

}

]

affected : [ »

0 : { »

vendor : mediatek (string)

product : mt6835 (string)

cpes : [ »

0 : cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 0 (string)

status : affected (string)

lessThanOrEqual : * (string)

versionType : custom (string)

}

]

}

1 : { »

vendor : mediatek (string)

product : mt6855 (string)

cpes : [ »

0 : cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 0 (string)

status : affected (string)

lessThanOrEqual : * (string)

versionType : custom (string)

}

]

}

2 : { »

vendor : mediatek (string)

product : mt6879 (string)

cpes : [ »

0 : cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 0 (string)

status : affected (string)

lessThanOrEqual : * (string)

versionType : custom (string)

}

]

}

3 : { »

vendor : mediatek (string)

product : mt6886 (string)

cpes : [ »

0 : cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 0 (string)

status : affected (string)

lessThanOrEqual : * (string)

versionType : custom (string)

}

]

}

4 : { »

vendor : mediatek (string)

product : mt6895 (string)

cpes : [ »

0 : cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 0 (string)

status : affected (string)

lessThanOrEqual : * (string)

versionType : custom (string)

}

]

}

5 : { »

vendor : mediatek (string)

product : mt6983 (string)

cpes : [ »

0 : cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 0 (string)

status : affected (string)

lessThanOrEqual : * (string)

versionType : custom (string)

}

]

}

6 : { »

vendor : mediatek (string)

product : mt6985 (string)

cpes : [ »

0 : cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 0 (string)

status : affected (string)

lessThanOrEqual : * (string)

versionType : custom (string)

}

]

}

7 : { »

vendor : mediatek (string)

product : mt8792 (string)

cpes : [ »

0 : cpe:2.3:h:mediatek:mt8792:-:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 0 (string)

status : affected (string)

lessThanOrEqual : * (string)

versionType : custom (string)

}

]

}

8 : { »

vendor : mediatek (string)

product : mt8796 (string)

cpes : [ »

0 : cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 0 (string)

status : affected (string)

lessThanOrEqual : * (string)

versionType : custom (string)

}

]

}

9 : { »

vendor : mediatek (string)

product : mt8798 (string)

cpes : [ »

0 : cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 0 (string)

status : affected (string)

lessThanOrEqual : * (string)

versionType : custom (string)

}

]

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 4.4 (number)

attackVector : LOCAL (string)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N (string)

integrityImpact : NONE (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

availabilityImpact : NONE (string)

privilegesRequired : HIGH (string)

confidentialityImpact : HIGH (string)

}

1 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-08-26T20:55:14.066652Z (string)

id : CVE-2024-20036 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-03-20T19:08:25.591Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/March-2024", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:52:31.630Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-20036", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-26T20:55:14.066652Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*"], "vendor": "mediatek", "product": "mt6835", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*"], "vendor": "mediatek", "product": "mt6855", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*"], "vendor": "mediatek", "product": "mt6879", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*"], "vendor": "mediatek", "product": "mt6886", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*"], "vendor": "mediatek", "product": "mt6895", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*"], "vendor": "mediatek", "product": "mt6983", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*"], "vendor": "mediatek", "product": "mt6985", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mediatek:mt8792:-:*:*:*:*:*:*:*"], "vendor": "mediatek", "product": "mt8792", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*"], "vendor": "mediatek", "product": "mt8796", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*"], "vendor": "mediatek", "product": "mt8798", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-26T20:52:47.785Z"}}], "cna": {"affected": [{"vendor": "MediaTek, Inc.", "product": "MT6835, MT6855, MT6879, MT6886, MT6895, MT6983, MT6985, MT8792, MT8796, MT8798", "versions": [{"status": "affected", "version": "Android 12.0, 13.0, 14.0"}]}], "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/March-2024"}], "descriptions": [{"lang": "en", "value": "In vdec, there is a possible permission bypass due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08509508; Issue ID: ALPS08509508."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Information Disclosure"}]}], "providerMetadata": {"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", "dateUpdated": "2024-03-04T02:43:51.821Z"}}}, "cveMetadata": {"cveId": "CVE-2024-20036", "state": "PUBLISHED", "dateUpdated": "2025-03-20T19:08:25.591Z", "dateReserved": "2023-11-02T13:35:35.153Z", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "datePublished": "2024-03-04T02:43:51.821Z", "assignerShortName": "MediaTek"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://corp.mediatek.com/product-security-bulletin/March-2024 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-01T21:52:31.630Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 4.4 (number)

attackVector : LOCAL (string)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N (string)

integrityImpact : NONE (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

availabilityImpact : NONE (string)

privilegesRequired : HIGH (string)

confidentialityImpact : HIGH (string)

}

1 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-20036 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-08-26T20:55:14.066652Z (string)

}

]

affected : [ »

0 : { »

cpes : [ »

0 : cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:* (string)

]

vendor : mediatek (string)

product : mt6835 (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : custom (string)

lessThanOrEqual : * (string)

}

]

defaultStatus : unknown (string)

}

1 : { »

cpes : [ »

0 : cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:* (string)

]

vendor : mediatek (string)

product : mt6855 (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : custom (string)

lessThanOrEqual : * (string)

}

]

defaultStatus : unknown (string)

}

2 : { »

cpes : [ »

0 : cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:* (string)

]

vendor : mediatek (string)

product : mt6879 (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : custom (string)

lessThanOrEqual : * (string)

}

]

defaultStatus : unknown (string)

}

3 : { »

cpes : [ »

0 : cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:* (string)

]

vendor : mediatek (string)

product : mt6886 (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : custom (string)

lessThanOrEqual : * (string)

}

]

defaultStatus : unknown (string)

}

4 : { »

cpes : [ »

0 : cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:* (string)

]

vendor : mediatek (string)

product : mt6895 (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : custom (string)

lessThanOrEqual : * (string)

}

]

defaultStatus : unknown (string)

}

5 : { »

cpes : [ »

0 : cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:* (string)

]

vendor : mediatek (string)

product : mt6983 (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : custom (string)

lessThanOrEqual : * (string)

}

]

defaultStatus : unknown (string)

}

6 : { »

cpes : [ »

0 : cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:* (string)

]

vendor : mediatek (string)

product : mt6985 (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : custom (string)

lessThanOrEqual : * (string)

}

]

defaultStatus : unknown (string)

}

7 : { »

cpes : [ »

0 : cpe:2.3:h:mediatek:mt8792:-:*:*:*:*:*:*:* (string)

]

vendor : mediatek (string)

product : mt8792 (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : custom (string)

lessThanOrEqual : * (string)

}

]

defaultStatus : unknown (string)

}

8 : { »

cpes : [ »

0 : cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:* (string)

]

vendor : mediatek (string)

product : mt8796 (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : custom (string)

lessThanOrEqual : * (string)

}

]

defaultStatus : unknown (string)

}

9 : { »

cpes : [ »

0 : cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:* (string)

]

vendor : mediatek (string)

product : mt8798 (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : custom (string)

lessThanOrEqual : * (string)

}

]

defaultStatus : unknown (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-284 (string)

description : CWE-284 Improper Access Control (string)

}

]

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-08-26T20:52:47.785Z (string)

}

]

cna : { »

affected : [ »

0 : { »

vendor : MediaTek, Inc. (string)

product : MT6835, MT6855, MT6879, MT6886, MT6895, MT6983, MT6985, MT8792, MT8796, MT8798 (string)

versions : [ »

0 : { »

status : affected (string)

version : Android 12.0, 13.0, 14.0 (string)

}

]

}

]

references : [ »

0 : { »

url : https://corp.mediatek.com/product-security-bulletin/March-2024 (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : In vdec, there is a possible permission bypass due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08509508; Issue ID: ALPS08509508. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : text (string)

description : Information Disclosure (string)

}

]

}

]

providerMetadata : { »

orgId : ee979b05-11f8-4f25-a7e0-a1fa9c190374 (string)

shortName : MediaTek (string)

dateUpdated : 2024-03-04T02:43:51.821Z (string)

}

cveMetadata : { »

cveId : CVE-2024-20036 (string)

state : PUBLISHED (string)

dateUpdated : 2025-03-20T19:08:25.591Z (string)

dateReserved : 2023-11-02T13:35:35.153Z (string)

assignerOrgId : ee979b05-11f8-4f25-a7e0-a1fa9c190374 (string)

datePublished : 2024-03-04T02:43:51.821Z (string)

assignerShortName : MediaTek (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In vdec, there is a possible permission bypass due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08509508; Issue ID: ALPS08509508."}, {"lang": "es", "value": "En vdec, existe una posible omisi\u00f3n de permisos debido a una omisi\u00f3n de permisos. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08509508; ID del problema: ALPS08509508."}], "id": "CVE-2024-20036", "lastModified": "2025-03-20T19:15:27.843", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-03-04T03:15:07.717", "references": [{"source": "security@mediatek.com", "url": "https://corp.mediatek.com/product-security-bulletin/March-2024"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://corp.mediatek.com/product-security-bulletin/March-2024"}], "sourceIdentifier": "security@mediatek.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : In vdec, there is a possible permission bypass due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08509508; Issue ID: ALPS08509508. (string)

}

1 : { »

lang : es (string)

value : En vdec, existe una posible omisión de permisos debido a una omisión de permisos. Esto podría conducir a la divulgación de información local con privilegios de ejecución de System necesarios. La interacción del usuario no es necesaria para la explotación. ID de parche: ALPS08509508; ID del problema: ALPS08509508. (string)

}

]

id : CVE-2024-20036 (string)

lastModified : 2025-03-20T19:15:27.843 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : NONE (string)

baseScore : 4.4 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 0.8 (number)

impactScore : 3.6 (number)

source : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

type : Secondary (string)

}

]

}

published : 2024-03-04T03:15:07.717 (string)

references : [ »

0 : { »

source : security@mediatek.com (string)

url : https://corp.mediatek.com/product-security-bulletin/March-2024 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://corp.mediatek.com/product-security-bulletin/March-2024 (string)

}

]

sourceIdentifier : security@mediatek.com (string)

vulnStatus : Awaiting Analysis (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-284 (string)

}

]

source : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

type : Secondary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object