Vulnerability Description
In modem protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01240012; Issue ID: MSV-1215.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mediatek | Lr12A | - |
| Mediatek | Lr13 | - |
| Mediatek | Nr15 | - |
| Mediatek | Nr16 | - |
| Mediatek | Nr17 | - |
| Mediatek | Mt2731 | - |
| Mediatek | Mt2735 | - |
| Mediatek | Mt2737 | - |
| Mediatek | Mt3967 | - |
| Mediatek | Mt6297 | - |
| Mediatek | Mt6298 | - |
| Mediatek | Mt6739 | - |
| Mediatek | Mt6761 | - |
| Mediatek | Mt6762 | - |
| Mediatek | Mt6762D | - |
| Mediatek | Mt6762M | - |
| Mediatek | Mt6763 | - |
| Mediatek | Mt6765 | - |
| Mediatek | Mt6765T | - |
| Mediatek | Mt6767 | - |
Related Weaknesses (CWE)
References
- https://corp.mediatek.com/product-security-bulletin/April-2024Vendor Advisory
- https://corp.mediatek.com/product-security-bulletin/April-2024Vendor Advisory
FAQ
What is CVE-2024-20039?
CVE-2024-20039 is a vulnerability with a CVSS score of 8.8 (HIGH). In modem protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is n...
How severe is CVE-2024-20039?
CVE-2024-20039 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-20039?
Check the references section above for vendor advisories and patch information. Affected products include: Mediatek Lr12A, Mediatek Lr13, Mediatek Nr15, Mediatek Nr16, Mediatek Nr17.