Description
In wlan STA FW, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389045 / ALPS09136494; Issue ID: MSV-1796.
Published: 2025-01-06
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Feb 2026 23:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 22 Apr 2025 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Linuxfoundation
Linuxfoundation yocto
Mediatek
Mediatek mt3603
Mediatek mt6835
Mediatek mt6878
Mediatek mt6886
Mediatek mt6897
Mediatek mt7902
Mediatek mt7920
Mediatek mt7922
Mediatek mt8518s
Mediatek mt8532
Mediatek mt8766
Mediatek mt8768
Mediatek mt8775
Mediatek mt8796
Mediatek mt8798
Mediatek software Development Kit
CPEs cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:yocto:5.0:*:*:*:*:*:*:*
cpe:2.3:a:mediatek:software_development_kit:*:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt3603:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7902:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7920:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7922:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8518s:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
Vendors & Products Google
Google android
Linuxfoundation
Linuxfoundation yocto
Mediatek
Mediatek mt3603
Mediatek mt6835
Mediatek mt6878
Mediatek mt6886
Mediatek mt6897
Mediatek mt7902
Mediatek mt7920
Mediatek mt7922
Mediatek mt8518s
Mediatek mt8532
Mediatek mt8766
Mediatek mt8768
Mediatek mt8775
Mediatek mt8796
Mediatek mt8798
Mediatek software Development Kit

Mon, 06 Jan 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 06 Jan 2025 03:30:00 +0000

Type Values Removed Values Added
Description In wlan STA FW, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389045 / ALPS09136494; Issue ID: MSV-1796.
Weaknesses CWE-787
References

Subscriptions

Google Android
Linuxfoundation Yocto
Mediatek Mt3603 Mt6835 Mt6878 Mt6886 Mt6897 Mt7902 Mt7920 Mt7922 Mt8518s Mt8532 Mt8766 Mt8768 Mt8775 Mt8796 Mt8798 Software Development Kit
cve-icon MITRE

Status: PUBLISHED

Assigner: MediaTek

Published:

Updated: 2026-02-26T19:09:32.784Z

Reserved: 2023-11-02T13:35:35.186Z

Link: CVE-2024-20148

cve-icon Vulnrichment

Updated: 2025-01-06T14:16:06.327Z

cve-icon NVD

Status : Analyzed

Published: 2025-01-06T04:15:07.077

Modified: 2025-04-22T13:50:16.450

Link: CVE-2024-20148

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses