OpenCVE

In venc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08810810 / ALPS08805789; Issue ID: MSV-1502.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Mediatek	Mt6765 Mt6768 Mt6779 Mt6785 Mt8321 Mt8385 Mt8666 Mt8667 Mt8755 Mt8765 Mt8766 Mt8768 Mt8771 Mt8775 Mt8781 Mt8786 Mt8788 Mt8789 Mt8791t Mt8792 Mt8795t Mt8796 Mt8797 Mt8798

No data.

References

Link	Providers
https://corp.mediatek.com/product-security-bulletin/August-2024

History

Wed, 21 Aug 2024 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mediatek Mediatek mt6765 Mediatek mt6768 Mediatek mt6779 Mediatek mt6785 Mediatek mt8321 Mediatek mt8385 Mediatek mt8666 Mediatek mt8667 Mediatek mt8755 Mediatek mt8765 Mediatek mt8766 Mediatek mt8768 Mediatek mt8771 Mediatek mt8775 Mediatek mt8781 Mediatek mt8786 Mediatek mt8788 Mediatek mt8789 Mediatek mt8791t Mediatek mt8792 Mediatek mt8795t Mediatek mt8796 Mediatek mt8797 Mediatek mt8798
CPEs		cpe:2.3:h:mediatek:mt6765:-:::::::* cpe:2.3:h:mediatek:mt6768:-:::::::* cpe:2.3:h:mediatek:mt6779:-:::::::* cpe:2.3:h:mediatek:mt6785:-:::::::* cpe:2.3:h:mediatek:mt8321:-:::::::* cpe:2.3:h:mediatek:mt8385:-:::::::* cpe:2.3:h:mediatek:mt8666:-:::::::* cpe:2.3:h:mediatek:mt8667:-:::::::* cpe:2.3:h:mediatek:mt8755:-:::::::* cpe:2.3:h:mediatek:mt8765:-:::::::* cpe:2.3:h:mediatek:mt8766:-:::::::* cpe:2.3:h:mediatek:mt8768:-:::::::* cpe:2.3:h:mediatek:mt8771:-:::::::* cpe:2.3:h:mediatek:mt8775:-:::::::* cpe:2.3:h:mediatek:mt8781:-:::::::* cpe:2.3:h:mediatek:mt8786:-:::::::* cpe:2.3:h:mediatek:mt8788:-:::::::* cpe:2.3:h:mediatek:mt8789:-:::::::* cpe:2.3:h:mediatek:mt8791t:-:::::::* cpe:2.3:h:mediatek:mt8792:-:::::::* cpe:2.3:h:mediatek:mt8795t:-:::::::* cpe:2.3:h:mediatek:mt8796:-:::::::* cpe:2.3:h:mediatek:mt8797:-:::::::* cpe:2.3:h:mediatek:mt8798:-:::::::*
Vendors & Products		Mediatek Mediatek mt6765 Mediatek mt6768 Mediatek mt6779 Mediatek mt6785 Mediatek mt8321 Mediatek mt8385 Mediatek mt8666 Mediatek mt8667 Mediatek mt8755 Mediatek mt8765 Mediatek mt8766 Mediatek mt8768 Mediatek mt8771 Mediatek mt8775 Mediatek mt8781 Mediatek mt8786 Mediatek mt8788 Mediatek mt8789 Mediatek mt8791t Mediatek mt8792 Mediatek mt8795t Mediatek mt8796 Mediatek mt8797 Mediatek mt8798
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 14 Aug 2024 03:15:00 +0000

Type	Values Removed	Values Added
Description		In venc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08810810 / ALPS08805789; Issue ID: MSV-1502.
Weaknesses		CWE-787
References		https://corp.mediatek.com/product-security-bulletin/August-2024

MITRE

Status: PUBLISHED

Assigner: MediaTek

Published: 2024-08-14T03:02:50.826Z

Updated: 2024-08-21T17:31:58.782Z

Reserved: 2023-11-02T13:35:35.173Z

Link: CVE-2024-20083

Vulnrichment

Updated: 2024-08-14T14:27:35.391Z

NVD

Status : Undergoing Analysis

Published: 2024-08-14T03:15:04.280

Modified: 2024-08-21T18:35:02.057

Link: CVE-2024-20083

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object