CVE-2024-20067 — CRITICAL (9.8)

Vulnerability Description

In modem, there is a possible out of bounds write due to improper input invalidation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01267285; Issue ID: MSV-1462.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mediatek	Nr16	-
Mediatek	Nr17	-
Mediatek	Mt6813	-
Mediatek	Mt6815	-
Mediatek	Mt6835	-
Mediatek	Mt6878	-
Mediatek	Mt6897	-
Mediatek	Mt6899	-
Mediatek	Mt6986	-
Mediatek	Mt6986D	-
Mediatek	Mt6991	-
Mediatek	Mt8792	-

Related Weaknesses (CWE)

CWE-787

References

https://corp.mediatek.com/product-security-bulletin/June-2024Vendor Advisory
https://corp.mediatek.com/product-security-bulletin/June-2024Vendor Advisory

FAQ

What is CVE-2024-20067?

CVE-2024-20067 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In modem, there is a possible out of bounds write due to improper input invalidation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is no...

How severe is CVE-2024-20067?

CVE-2024-20067 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-20067?

Check the references section above for vendor advisories and patch information. Affected products include: Mediatek Nr16, Mediatek Nr17, Mediatek Mt6813, Mediatek Mt6815, Mediatek Mt6835.