In venc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08810810 / ALPS08805789; Issue ID: MSV-1502.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

Vendors Products
Mediatek
  • Mt6765
  • Mt6768
  • Mt6779
  • Mt6785
  • Mt8321
  • Mt8385
  • Mt8666
  • Mt8667
  • Mt8755
  • Mt8765
  • Mt8766
  • Mt8768
  • Mt8771
  • Mt8775
  • Mt8781
  • Mt8786
  • Mt8788
  • Mt8789
  • Mt8791t
  • Mt8792
  • Mt8795t
  • Mt8796
  • Mt8797
  • Mt8798

No data.

No data.

References
Link Providers
https://corp.mediatek.com/product-security-bulletin/August-2024 cve-icon cve-icon
History

Wed, 21 Aug 2024 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Mediatek
Mediatek mt6765
Mediatek mt6768
Mediatek mt6779
Mediatek mt6785
Mediatek mt8321
Mediatek mt8385
Mediatek mt8666
Mediatek mt8667
Mediatek mt8755
Mediatek mt8765
Mediatek mt8766
Mediatek mt8768
Mediatek mt8771
Mediatek mt8775
Mediatek mt8781
Mediatek mt8786
Mediatek mt8788
Mediatek mt8789
Mediatek mt8791t
Mediatek mt8792
Mediatek mt8795t
Mediatek mt8796
Mediatek mt8797
Mediatek mt8798
CPEs cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8755:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8771:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8792:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*
Vendors & Products Mediatek
Mediatek mt6765
Mediatek mt6768
Mediatek mt6779
Mediatek mt6785
Mediatek mt8321
Mediatek mt8385
Mediatek mt8666
Mediatek mt8667
Mediatek mt8755
Mediatek mt8765
Mediatek mt8766
Mediatek mt8768
Mediatek mt8771
Mediatek mt8775
Mediatek mt8781
Mediatek mt8786
Mediatek mt8788
Mediatek mt8789
Mediatek mt8791t
Mediatek mt8792
Mediatek mt8795t
Mediatek mt8796
Mediatek mt8797
Mediatek mt8798
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 14 Aug 2024 03:15:00 +0000

Type Values Removed Values Added
Description In venc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08810810 / ALPS08805789; Issue ID: MSV-1502.
Weaknesses CWE-787
References
cve-icon MITRE

Status: PUBLISHED

Assigner: MediaTek

Published:

Updated: 2024-08-21T17:31:58.782Z

Reserved: 2023-11-02T13:35:35.173Z

Link: CVE-2024-20083

cve-icon Vulnrichment

Updated: 2024-08-14T14:27:35.391Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2024-08-14T03:15:04.280

Modified: 2024-08-21T18:35:02.057

Link: CVE-2024-20083

cve-icon Redhat

No data.