Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-20092


In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1700.


Published

2024-10-07T03:15:02.680

Last Modified

2025-04-25T18:37:36.207

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-787
  • Type: Primary
    CWE-787

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System google android 12.0 Yes
Hardware mediatek mt6761 - No
Hardware mediatek mt6765 - No
Hardware mediatek mt6768 - No
Hardware mediatek mt6779 - No
Hardware mediatek mt6785 - No
Hardware mediatek mt6853 - No
Hardware mediatek mt6873 - No
Hardware mediatek mt6885 - No
Hardware mediatek mt8385 - No
Hardware mediatek mt8666 - No
Hardware mediatek mt8667 - No
Hardware mediatek mt8766 - No
Hardware mediatek mt8768 - No
Hardware mediatek mt8781 - No
Hardware mediatek mt8788 - No
Hardware mediatek mt8789 - No

References