Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-20067

In modem, there is a possible out of bounds write due to improper input invalidation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01267285; Issue ID: MSV-1462.

Published

2024-06-03T02:15:08.770

Last Modified

2025-04-25T18:39:01.213

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-787
Type: Secondary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	mediatek	nr16	-	Yes
Operating System	mediatek	nr17	-	Yes
Hardware	mediatek	mt6813	-	No
Hardware	mediatek	mt6815	-	No
Hardware	mediatek	mt6835	-	No
Hardware	mediatek	mt6878	-	No
Hardware	mediatek	mt6897	-	No
Hardware	mediatek	mt6899	-	No
Hardware	mediatek	mt6986	-	No
Hardware	mediatek	mt6986d	-	No
Hardware	mediatek	mt6991	-	No
Hardware	mediatek	mt8792	-	No

References

https://corp.mediatek.com/product-security-bulletin/June-2024 Vendor Advisory ([email protected])
https://corp.mediatek.com/product-security-bulletin/June-2024 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)