Vulnerability Description
In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389046 (Note: For MT79XX chipsets) / ALPS09136501 (Note: For MT2737, MT3603, MT6XXX, and MT8XXX chipsets); Issue ID: MSV-1797.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linuxfoundation | Yocto | 3.3 |
| Mediatek | Software Development Kit | <= 3.5 |
| Android | 13.0 | |
| Openwrt | Openwrt | 23.05 |
| Mediatek | Mt2737 | - |
| Mediatek | Mt3603 | - |
| Mediatek | Mt6835 | - |
| Mediatek | Mt6878 | - |
| Mediatek | Mt6886 | - |
| Mediatek | Mt6897 | - |
| Mediatek | Mt6985 | - |
| Mediatek | Mt6989 | - |
| Mediatek | Mt6990 | - |
| Mediatek | Mt7902 | - |
| Mediatek | Mt7920 | - |
| Mediatek | Mt7921 | - |
| Mediatek | Mt7922 | - |
| Mediatek | Mt7925 | - |
| Mediatek | Mt7927 | - |
| Mediatek | Mt8195 | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2024-20147?
CVE-2024-20147 is a vulnerability with a CVSS score of 5.3 (MEDIUM). In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. This could lead to remote denial of service with no additional execution privileges needed. User interactio...
How severe is CVE-2024-20147?
CVE-2024-20147 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-20147?
Check the references section above for vendor advisories and patch information. Affected products include: Linuxfoundation Yocto, Mediatek Software Development Kit, Google Android, Openwrt Openwrt, Mediatek Mt2737.