In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1700.
History

Mon, 07 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Mediatek
Mediatek mt6761
Mediatek mt6765
Mediatek mt6768
Mediatek mt6779
Mediatek mt6785
Mediatek mt6853
Mediatek mt6873
Mediatek mt6885
Mediatek mt8385
Mediatek mt8666
Mediatek mt8667
Mediatek mt8766
Mediatek mt8768
Mediatek mt8781
Mediatek mt8788
Mediatek mt8789
CPEs cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
Vendors & Products Google
Google android
Mediatek
Mediatek mt6761
Mediatek mt6765
Mediatek mt6768
Mediatek mt6779
Mediatek mt6785
Mediatek mt6853
Mediatek mt6873
Mediatek mt6885
Mediatek mt8385
Mediatek mt8666
Mediatek mt8667
Mediatek mt8766
Mediatek mt8768
Mediatek mt8781
Mediatek mt8788
Mediatek mt8789
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 07 Oct 2024 02:45:00 +0000

Type Values Removed Values Added
Description In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1700.
Weaknesses CWE-787
References

cve-icon MITRE

Status: PUBLISHED

Assigner: MediaTek

Published: 2024-10-07T02:35:09.608Z

Updated: 2024-10-07T13:44:00.418Z

Reserved: 2023-11-02T13:35:35.174Z

Link: CVE-2024-20092

cve-icon Vulnrichment

Updated: 2024-10-07T13:43:21.375Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-10-07T03:15:02.680

Modified: 2024-10-07T19:36:41.920

Link: CVE-2024-20092

cve-icon Redhat

No data.