CVE-2024-20099
10/7/2024 3:15:00 AM
7 ماه قبل
18 روز قبل
8
Reporter :security@mediatek.com
Modified :10/7/2024 3:15:00 AM
Problem Data :CWE-787,CWE-787
Description
In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08997492; Issue ID: MSV-1625.
Cvss Version 3.1
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | High |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | High |
| Integrity Impact | High |
| Availability Impact | High |
EPSS
| Epss Score | 0.00032 |
|---|---|
| Epss Percentile | 0.076 |
ریسک پائین:: این آسیب پذیری احتمال ارائه Exploit پائینی دارد. به روز رسانی و نظارت معمولی را لحاظ نمائید.
پیشنهادات:
- به بروزرسانی مداوم سیستم و یا شبکه خود ادامه دهید.
- از بروزرسانی های آتی این آسیب پذیری مطلع شوید.
Affected Products (Configurations)
| CPE | Vendor | Product | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:* | mediatek | mt8532 | - | * |
| cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:* | android | 12.0 | * | |
| cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:* | mediatek | mt6833 | - | * |
| cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:* | linuxfoundation | yocto | 4.0 | * |
| cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:* | mediatek | mt6768 | - | * |
| cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:* | mediatek | mt6853 | - | * |
| cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:* | mediatek | mt6877 | - | * |
| cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:* | android | 15.0 | * | |
| cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:* | mediatek | mt6893 | - | * |
Reference
| لینک | منبع | تگ ها |
|---|---|---|
| https://corp.mediatek.com/product-security-bulletin/October-2024 | Vendor Advisory |