CVE-2024-20134

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09154589; Issue ID: MSV-1866.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://corp.mediatek.com/product-security-bulletin/December-2024	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:google:android:13.0:::::::*
	cpe:2.3:o:google:android:14.0:::::::*
	cpe:2.3:o:google:android:15.0:::::::*

OR	cpe:2.3:h:mediatek:mt6835:-:::::::*
	cpe:2.3:h:mediatek:mt6878:-:::::::*
	cpe:2.3:h:mediatek:mt6879:-:::::::*
	cpe:2.3:h:mediatek:mt6895:-:::::::*
	cpe:2.3:h:mediatek:mt6896:-:::::::*
	cpe:2.3:h:mediatek:mt6897:-:::::::*
	cpe:2.3:h:mediatek:mt6983:-:::::::*
	cpe:2.3:h:mediatek:mt6985:-:::::::*
	cpe:2.3:h:mediatek:mt6989:-:::::::*
	cpe:2.3:h:mediatek:mt8755:-:::::::*
	cpe:2.3:h:mediatek:mt8775:-:::::::*
	cpe:2.3:h:mediatek:mt8796:-:::::::*
	cpe:2.3:h:mediatek:mt8798:-:::::::*

History

No history.

Information

Published : 2024-12-02 04:15

Updated : 2025-04-22 13:55

NVD link : CVE-2024-20134

Mitre link : CVE-2024-20134

CVE.ORG link : CVE-2024-20134

JSON object : View

Products Affected

mediatek

mt6989
mt6896
mt6983
mt6879
mt6895
mt6897
mt6878
mt8775
mt8755
mt8798
mt6985
mt6835
mt8796

google

android

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2024-20134", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2024-12-02T04:15:05.693", "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/December-2024", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09154589; Issue ID: MSV-1866."}, {"lang": "es", "value": "En RIL, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltante. Esto podr\u00eda provocar una escalada local de privilegios, siendo necesarios los permisos de ejecuci\u00f3n de System. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS09154589; ID de problema: MSV-1866."}], "lastModified": "2025-04-22T13:55:51.233", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"}, {"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"}, {"criteria": "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8538774C-906D-4B03-A3E7-FA7A55E0DA9E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"}, {"criteria": "cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "855A8046-34ED-4891-ACE5-76AB10AC8D53"}, {"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"}, {"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"}, {"criteria": "cpe:2.3:h:mediatek:mt6896:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "33DEF766-EAF1-4E36-BB7C-43069B26507A"}, {"criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66"}, {"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"}, {"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"}, {"criteria": "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AD7DE6B2-66D9-4A3E-B15F-D56505559255"}, {"criteria": "cpe:2.3:h:mediatek:mt8755:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1CF88096-5CBD-4A4B-8F47-33D38985956F"}, {"criteria": "cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DE5FB550-7264-4879-BAF9-6798949113AF"}, {"criteria": "cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DE933AD9-3A6F-421B-8AB3-C45F8DEA9548"}, {"criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}