Vulnerability Description
In flashc, there is a possible out of bounds write due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541764.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linuxfoundation | Yocto | 3.3 |
| Rdkcentral | Rdk-B | 2022q3 |
| Android | 12.0 | |
| Openwrt | Openwrt | 19.07.0 |
| Mediatek | Mt2713 | - |
| Mediatek | Mt2737 | - |
| Mediatek | Mt6781 | - |
| Mediatek | Mt6789 | - |
| Mediatek | Mt6835 | - |
| Mediatek | Mt6855 | - |
| Mediatek | Mt6879 | - |
| Mediatek | Mt6880 | - |
| Mediatek | Mt6886 | - |
| Mediatek | Mt6890 | - |
| Mediatek | Mt6895 | - |
| Mediatek | Mt6980 | - |
| Mediatek | Mt6983 | - |
| Mediatek | Mt6985 | - |
| Mediatek | Mt6989 | - |
| Mediatek | Mt6990 | - |
Related Weaknesses (CWE)
References
- https://corp.mediatek.com/product-security-bulletin/April-2024Vendor Advisory
- https://corp.mediatek.com/product-security-bulletin/April-2024Vendor Advisory
FAQ
What is CVE-2024-20053?
CVE-2024-20053 is a vulnerability with a CVSS score of 8.4 (HIGH). In flashc, there is a possible out of bounds write due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not neede...
How severe is CVE-2024-20053?
CVE-2024-20053 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-20053?
Check the references section above for vendor advisories and patch information. Affected products include: Linuxfoundation Yocto, Rdkcentral Rdk-B, Google Android, Openwrt Openwrt, Mediatek Mt2713.