CVE-2024-20136

In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09121847; Issue ID: MSV-1821.

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://corp.mediatek.com/product-security-bulletin/December-2024	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:rdkcentral:rdk-b:2022q3:::::::*
	cpe:2.3:a:rdkcentral:rdk-b:2024q1:::::::*
	cpe:2.3:o:google:android:12.0:::::::*
	cpe:2.3:o:google:android:13.0:::::::*
	cpe:2.3:o:google:android:14.0:::::::*
	cpe:2.3:o:google:android:15.0:::::::*
	cpe:2.3:o:openwrt:openwrt:19.07.0:-::::::
	cpe:2.3:o:openwrt:openwrt:21.02.0:-::::::
	cpe:2.3:o:openwrt:openwrt:23.05:::::::*

OR	cpe:2.3:h:mediatek:mt2737:-:::::::*
	cpe:2.3:h:mediatek:mt6781:-:::::::*
	cpe:2.3:h:mediatek:mt6789:-:::::::*
	cpe:2.3:h:mediatek:mt6855:-:::::::*
	cpe:2.3:h:mediatek:mt6878:-:::::::*
	cpe:2.3:h:mediatek:mt6879:-:::::::*
	cpe:2.3:h:mediatek:mt6880:-:::::::*
	cpe:2.3:h:mediatek:mt6886:-:::::::*
	cpe:2.3:h:mediatek:mt6890:-:::::::*
	cpe:2.3:h:mediatek:mt6895:-:::::::*
	cpe:2.3:h:mediatek:mt6897:-:::::::*
	cpe:2.3:h:mediatek:mt6980:-:::::::*
	cpe:2.3:h:mediatek:mt6983:-:::::::*
	cpe:2.3:h:mediatek:mt6985:-:::::::*
	cpe:2.3:h:mediatek:mt6989:-:::::::*
	cpe:2.3:h:mediatek:mt6990:-:::::::*
	cpe:2.3:h:mediatek:mt8195:-:::::::*
	cpe:2.3:h:mediatek:mt8370:-:::::::*
	cpe:2.3:h:mediatek:mt8390:-:::::::*
	cpe:2.3:h:mediatek:mt8673:-:::::::*
	cpe:2.3:h:mediatek:mt8676:-:::::::*
	cpe:2.3:h:mediatek:mt8678:-:::::::*
	cpe:2.3:h:mediatek:mt8755:-:::::::*
	cpe:2.3:h:mediatek:mt8775:-:::::::*
	cpe:2.3:h:mediatek:mt8781:-:::::::*
	cpe:2.3:h:mediatek:mt8795t:-:::::::*
	cpe:2.3:h:mediatek:mt8796:-:::::::*
	cpe:2.3:h:mediatek:mt8798:-:::::::*
	cpe:2.3:h:mediatek:mt8893:-:::::::*

History

22 Apr 2025, 13:55

Type	Values Removed	Values Added
First Time		Mediatek mt8796 Mediatek mt8775 Mediatek mt6895 Mediatek mt8195 Mediatek mt6989 Mediatek mt8781 Mediatek mt6897 Mediatek mt6985 Mediatek mt6990 Google android Mediatek Rdkcentral Mediatek mt6980 Mediatek mt6855 Mediatek mt8798 Mediatek mt6983 Mediatek mt2737 Openwrt openwrt Mediatek mt8795t Mediatek mt8390 Mediatek mt8370 Mediatek mt8676 Mediatek mt6880 Mediatek mt6879 Mediatek mt6878 Google Openwrt Mediatek mt6886 Mediatek mt6890 Mediatek mt6789 Rdkcentral rdk-b Mediatek mt8673 Mediatek mt8678 Mediatek mt6781 Mediatek mt8893 Mediatek mt8755
References	~~() https://corp.mediatek.com/product-security-bulletin/December-2024 -~~	() https://corp.mediatek.com/product-security-bulletin/December-2024 - Vendor Advisory
CPE		cpe:2.3:h:mediatek:mt8795t:-:::::::* cpe:2.3:o:openwrt:openwrt:21.02.0:-:::::: cpe:2.3:o:google:android:15.0:::::::* cpe:2.3:h:mediatek:mt6990:-:::::::* cpe:2.3:h:mediatek:mt6855:-:::::::* cpe:2.3:h:mediatek:mt6789:-:::::::* cpe:2.3:o:openwrt:openwrt:23.05:::::::* cpe:2.3:a:rdkcentral:rdk-b:2022q3:::::::* cpe:2.3:h:mediatek:mt2737:-:::::::* cpe:2.3:h:mediatek:mt6886:-:::::::* cpe:2.3:h:mediatek:mt6897:-:::::::* cpe:2.3:h:mediatek:mt6781:-:::::::* cpe:2.3:o:google:android:14.0:::::::* cpe:2.3:h:mediatek:mt8673:-:::::::* cpe:2.3:h:mediatek:mt8195:-:::::::* cpe:2.3:h:mediatek:mt6895:-:::::::* cpe:2.3:h:mediatek:mt8893:-:::::::* cpe:2.3:o:google:android:13.0:::::::* cpe:2.3:h:mediatek:mt8796:-:::::::* cpe:2.3:h:mediatek:mt8390:-:::::::* cpe:2.3:h:mediatek:mt6878:-:::::::* cpe:2.3:o:google:android:12.0:::::::* cpe:2.3:h:mediatek:mt8775:-:::::::* cpe:2.3:a:rdkcentral:rdk-b:2024q1:::::::* cpe:2.3:h:mediatek:mt6989:-:::::::* cpe:2.3:h:mediatek:mt8678:-:::::::* cpe:2.3:h:mediatek:mt6890:-:::::::* cpe:2.3:h:mediatek:mt6880:-:::::::* cpe:2.3:h:mediatek:mt8370:-:::::::* cpe:2.3:h:mediatek:mt6985:-:::::::* cpe:2.3:o:openwrt:openwrt:19.07.0:-:::::: cpe:2.3:h:mediatek:mt8781:-:::::::* cpe:2.3:h:mediatek:mt6879:-:::::::* cpe:2.3:h:mediatek:mt6983:-:::::::* cpe:2.3:h:mediatek:mt8676:-:::::::* cpe:2.3:h:mediatek:mt8798:-:::::::* cpe:2.3:h:mediatek:mt8755:-:::::::* cpe:2.3:h:mediatek:mt6980:-:::::::*

02 Dec 2024, 16:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.2
Summary		(es) En da, existe una posible lectura fuera de los límites debido a una verificación de los límites faltante. Esto podría provocar la divulgación de información local sin necesidad de privilegios de ejecución adicionales. No se necesita interacción del usuario para la explotación. ID de parche: ALPS09121847; ID de problema: MSV-1821.

02 Dec 2024, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-02 04:15

Updated : 2025-04-22 13:55

NVD link : CVE-2024-20136

Mitre link : CVE-2024-20136

CVE.ORG link : CVE-2024-20136

JSON object : View

Products Affected

mediatek

mt8673
mt6880
mt6855
mt8893
mt8798
mt8195
mt6897
mt6890
mt6983
mt8775
mt8390
mt2737
mt8795t
mt6980
mt8676
mt6789
mt8796
mt6895
mt8781
mt6879
mt6989
mt8755
mt6886
mt6878
mt6781
mt6990
mt6985
mt8370
mt8678

rdkcentral

rdk-b

openwrt

openwrt

google

android

CWE

CWE-125

Out-of-bounds Read

6.2 /10