In soundtrigger, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09142526; Issue ID: MSV-1841.
History

Mon, 02 Dec 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Mediatek
Mediatek mt6768
Mediatek mt6781
Mediatek mt6833
Mediatek mt6853
Mediatek mt6877
Mediatek mt6878
Mediatek mt6893
Mediatek mt6897
Mediatek mt6989
Mediatek mt8775
Mediatek mt8796
Mediatek mt9687
CPEs cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt9687:-:*:*:*:*:*:*:*
Vendors & Products Mediatek
Mediatek mt6768
Mediatek mt6781
Mediatek mt6833
Mediatek mt6853
Mediatek mt6877
Mediatek mt6878
Mediatek mt6893
Mediatek mt6897
Mediatek mt6989
Mediatek mt8775
Mediatek mt8796
Mediatek mt9687
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 02 Dec 2024 03:30:00 +0000

Type Values Removed Values Added
Description In soundtrigger, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09142526; Issue ID: MSV-1841.
Weaknesses CWE-787
References

cve-icon MITRE

Status: PUBLISHED

Assigner: MediaTek

Published: 2024-12-02T03:07:08.255Z

Updated: 2024-12-03T04:55:33.058Z

Reserved: 2023-11-02T13:35:35.182Z

Link: CVE-2024-20135

cve-icon Vulnrichment

Updated: 2024-12-02T15:46:15.361Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-12-02T04:15:05.797

Modified: 2024-12-02T16:15:08.097

Link: CVE-2024-20135

cve-icon Redhat

No data.