CVE-2024-20107

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-20107
In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09124360; Issue ID: MSV-1823.

6.2 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://corp.mediatek.com/product-security-bulletin/November-2024 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*
cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*
cpe:2.3:a:rdkcentral:rdk-b:2024q1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:23.05:*:*:*:*:*:*:*
OR cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*
History

24 Apr 2025, 15:04

Type Values Removed Values Added
References () https://corp.mediatek.com/product-security-bulletin/November-2024 - () https://corp.mediatek.com/product-security-bulletin/November-2024 - Vendor Advisory
First Time Mediatek
Rdkcentral
Mediatek mt6980
Mediatek mt6855
Mediatek mt6895
Mediatek mt6983
Openwrt openwrt
Mediatek mt8390
Mediatek mt6989
Mediatek mt8370
Mediatek mt8676
Mediatek mt6880
Mediatek mt6879
Mediatek mt6878
Google
Linuxfoundation
Mediatek mt6897
Mediatek mt6985
Mediatek mt6835
Openwrt
Mediatek mt6886
Mediatek mt6890
Linuxfoundation yocto
Mediatek mt6990
Mediatek mt6789
Rdkcentral rdk-b
Mediatek mt6781
Mediatek mt8188
Google android
CPE cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*
cpe:2.3:a:rdkcentral:rdk-b:2024q1:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:23.05:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*
cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*
Summary
  • (es) En da, existe una posible lectura fuera de los límites debido a una verificación de los límites faltante. Esto podría provocar la divulgación de información local sin necesidad de privilegios de ejecución adicionales. No se necesita interacción del usuario para la explotación. ID de parche: ALPS09124360; ID de problema: MSV-1823.

04 Nov 2024, 11:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.2

04 Nov 2024, 02:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-04 02:15

Updated : 2025-04-24 15:04

NVD link : CVE-2024-20107

Mitre link : CVE-2024-20107

CVE.ORG link : CVE-2024-20107

JSON object : View

Products Affected

mediatek

  • mt6880
  • mt6855
  • mt6897
  • mt6890
  • mt6983
  • mt8390
  • mt6980
  • mt8188
  • mt8676
  • mt6789
  • mt6895
  • mt6879
  • mt6835
  • mt6989
  • mt6886
  • mt6878
  • mt6781
  • mt6990
  • mt6985
  • mt8370

rdkcentral

  • rdk-b

linuxfoundation

  • yocto

openwrt

  • openwrt

google

  • android
CWE
CWE-125

Out-of-bounds Read