CVE-2024-20091
10/7/2024 3:15:00 AM
2 ماه قبل
2 ماه قبل
4
Reporter :security@mediatek.com
Modified :10/7/2024 3:15:00 AM
Problem Data :CWE-125
Description
In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1701.
Cvss Version 3.1
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | High |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | High |
| Integrity Impact | None |
| Availability Impact | None |
Reference
| لینک | منبع | تگ ها |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/October-2024 | Vendor Advisory |