VDB

CISA-2024-20105

CISA-2024-20105 PUBLISHED CVSS 6.7 MEDIUM

Reported by MediaTek · Published January 6, 2025

In m4u, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09062027; Issue ID: MSV-1743.

Risk Scores

CVSS 3.1
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
MediaTek, Inc.MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8666, MT8667, MT8673, MT8768Android 12.0, 13.0, 14.0, 15.0
MediaTek, Inc.MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8666, MT8667, MT8673, MT8768Android 12.0, 13.0, 14.0, 15.0, Android 12.0, 13.0, 14.0, 15.0

Timeline

  • Jan 6, 2025 CVE Published
  • Feb 26, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›