In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08956986; Issue ID: MSV-1574.
History

Mon, 04 Nov 2024 11:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Mediatek
Mediatek mt6765
Mediatek mt6768
Mediatek mt6833
Mediatek mt6835
Mediatek mt6853
Mediatek mt6855
Mediatek mt6879
Mediatek mt6886
Mediatek mt6893
Mediatek mt6983
Mediatek mt6989
Mediatek mt8321
Mediatek mt8385
Mediatek mt8765
Mediatek mt8766
Mediatek mt8768
Mediatek mt8771
Mediatek mt8775
Mediatek mt8781
Mediatek mt8786
Mediatek mt8788
Mediatek mt8789
Mediatek mt8791t
Mediatek mt8792
Mediatek mt8795t
Mediatek mt8796
Mediatek mt8797
Mediatek mt8798
CPEs cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8771:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8792:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
Vendors & Products Google
Google android
Mediatek
Mediatek mt6765
Mediatek mt6768
Mediatek mt6833
Mediatek mt6835
Mediatek mt6853
Mediatek mt6855
Mediatek mt6879
Mediatek mt6886
Mediatek mt6893
Mediatek mt6983
Mediatek mt6989
Mediatek mt8321
Mediatek mt8385
Mediatek mt8765
Mediatek mt8766
Mediatek mt8768
Mediatek mt8771
Mediatek mt8775
Mediatek mt8781
Mediatek mt8786
Mediatek mt8788
Mediatek mt8789
Mediatek mt8791t
Mediatek mt8792
Mediatek mt8795t
Mediatek mt8796
Mediatek mt8797
Mediatek mt8798
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 04 Nov 2024 02:15:00 +0000

Type Values Removed Values Added
Description In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08956986; Issue ID: MSV-1574.
Weaknesses CWE-787
References

cve-icon MITRE

Status: PUBLISHED

Assigner: MediaTek

Published: 2024-11-04T01:49:36.169Z

Updated: 2024-11-04T10:18:08.164Z

Reserved: 2023-11-02T13:35:35.179Z

Link: CVE-2024-20121

cve-icon Vulnrichment

Updated: 2024-11-04T10:16:08.611Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-04T02:15:17.383

Modified: 2024-11-04T18:50:05.607

Link: CVE-2024-20121

cve-icon Redhat

No data.