Vulnerability Description
In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08360153 (for MT6XXX chipsets) / WCNCR00363530 (for MT79XX chipsets); Issue ID: MSV-979.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linuxfoundation | Yocto | 3.3 |
| Rdkcentral | Rdk-B | 2022q3 |
| Android | 12.0 | |
| Linux | Linux Kernel | 4.19 |
| Openwrt | Openwrt | 19.07.0 |
| Mediatek | Mt2713 | - |
| Mediatek | Mt6580 | - |
| Mediatek | Mt6761 | - |
| Mediatek | Mt6762 | - |
| Mediatek | Mt6768 | - |
| Mediatek | Mt6781 | - |
| Mediatek | Mt6789 | - |
| Mediatek | Mt6833 | - |
| Mediatek | Mt6853 | - |
| Mediatek | Mt6853T | - |
| Mediatek | Mt6855 | - |
| Mediatek | Mt6873 | - |
| Mediatek | Mt6875 | - |
| Mediatek | Mt6877 | - |
| Mediatek | Mt6879 | - |
Related Weaknesses (CWE)
References
- https://corp.mediatek.com/product-security-bulletin/April-2024Vendor Advisory
- https://corp.mediatek.com/product-security-bulletin/April-2024Vendor Advisory
FAQ
What is CVE-2024-20040?
CVE-2024-20040 is a vulnerability with a CVSS score of 8.8 (HIGH). In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User inter...
How severe is CVE-2024-20040?
CVE-2024-20040 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-20040?
Check the references section above for vendor advisories and patch information. Affected products include: Linuxfoundation Yocto, Rdkcentral Rdk-B, Google Android, Linux Linux Kernel, Openwrt Openwrt.