In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08956986; Issue ID: MSV-1575.
History

Mon, 04 Nov 2024 11:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Mediatek
Mediatek mt6765
Mediatek mt6768
Mediatek mt6833
Mediatek mt6835
Mediatek mt6853
Mediatek mt6855
Mediatek mt6879
Mediatek mt6886
Mediatek mt6893
Mediatek mt6983
Mediatek mt8321
Mediatek mt8385
Mediatek mt8755
Mediatek mt8765
Mediatek mt8766
Mediatek mt8768
Mediatek mt8771
Mediatek mt8775
Mediatek mt8781
Mediatek mt8786
Mediatek mt8788
Mediatek mt8789
Mediatek mt8791t
Mediatek mt8792
Mediatek mt8795t
Mediatek mt8796
Mediatek mt8797
Mediatek mt8798
CPEs cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8755:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8771:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8792:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
Vendors & Products Google
Google android
Mediatek
Mediatek mt6765
Mediatek mt6768
Mediatek mt6833
Mediatek mt6835
Mediatek mt6853
Mediatek mt6855
Mediatek mt6879
Mediatek mt6886
Mediatek mt6893
Mediatek mt6983
Mediatek mt8321
Mediatek mt8385
Mediatek mt8755
Mediatek mt8765
Mediatek mt8766
Mediatek mt8768
Mediatek mt8771
Mediatek mt8775
Mediatek mt8781
Mediatek mt8786
Mediatek mt8788
Mediatek mt8789
Mediatek mt8791t
Mediatek mt8792
Mediatek mt8795t
Mediatek mt8796
Mediatek mt8797
Mediatek mt8798
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 04 Nov 2024 02:15:00 +0000

Type Values Removed Values Added
Description In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08956986; Issue ID: MSV-1575.
Weaknesses CWE-787
References

cve-icon MITRE

Status: PUBLISHED

Assigner: MediaTek

Published: 2024-11-04T01:49:34.400Z

Updated: 2024-11-04T10:20:24.101Z

Reserved: 2023-11-02T13:35:35.179Z

Link: CVE-2024-20120

cve-icon Vulnrichment

Updated: 2024-11-04T10:19:08.731Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-04T02:15:17.280

Modified: 2024-11-04T18:50:05.607

Link: CVE-2024-20120

cve-icon Redhat

No data.