Lucene search

[email protected]CVE-2024-20016

HistoryFeb 05, 2024 - 6:15 a.m.

CVE-2024-20016

2024-02-0506:15:47

CWE-190

[email protected]

web.nvd.nist.gov

cve-2024-20016

integer overflow

local denial of service

patch

alps07835901

nvd

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

4.7 Medium

AI Score

Confidence

High

JSON

In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation Patch ID: ALPS07835901; Issue ID: ALPS07835901.

CPE configuration

Vulners

NVD

googleandroidRange<11.0

googleandroidRange<12.0

googleandroidRange<13.0

googleandroidRange<14.0

mediatekmt6735

mediatekmt6737

mediatekmt6739

mediatekmt6753

mediatekmt6757

mediatekmt6761

mediatekmt6763

mediatekmt6765

mediatekmt6768

mediatekmt6771

mediatekmt6779

mediatekmt6781

mediatekmt6785

mediatekmt6833

mediatekmt6853

mediatekmt6855

mediatekmt6873

mediatekmt6877

mediatekmt6879

mediatekmt6885

mediatekmt6889

mediatekmt6893

mediatekmt6895

mediatekmt6983

mediatekmt8168

mediatekmt8183

mediatekmt8188

mediatekmt8195

mediatekmt8765

mediatekmt8766

mediatekmt8768

mediatekmt8791

mediatekmt8797

mediatekmt8798

VendorProductVersionCPE
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
mediatekmt6735*cpe:2.3:h:mediatek:mt6735:*:*:*:*:*:*:*:*
mediatekmt6737*cpe:2.3:h:mediatek:mt6737:*:*:*:*:*:*:*:*
mediatekmt6739*cpe:2.3:h:mediatek:mt6739:*:*:*:*:*:*:*:*
mediatekmt6753*cpe:2.3:h:mediatek:mt6753:*:*:*:*:*:*:*:*
mediatekmt6757*cpe:2.3:h:mediatek:mt6757:*:*:*:*:*:*:*:*
mediatekmt6761*cpe:2.3:h:mediatek:mt6761:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	*	cpe:2.3:o:google:android::::::::
google	android	*	cpe:2.3:o:google:android::::::::
google	android	*	cpe:2.3:o:google:android::::::::
google	android	*	cpe:2.3:o:google:android::::::::
mediatek	mt6735	*	cpe:2.3:h:mediatek:mt6735::::::::
mediatek	mt6737	*	cpe:2.3:h:mediatek:mt6737::::::::
mediatek	mt6739	*	cpe:2.3:h:mediatek:mt6739::::::::
mediatek	mt6753	*	cpe:2.3:h:mediatek:mt6753::::::::
mediatek	mt6757	*	cpe:2.3:h:mediatek:mt6757::::::::
mediatek	mt6761	*	cpe:2.3:h:mediatek:mt6761::::::::

Rows per page:

1-10 of 381

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT6735, MT6737, MT6739, MT6753, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6885, MT6889, MT6893, MT6895, MT6983, MT8168, MT8183, MT8188, MT8195, MT8765, MT8766, MT8768, MT8791, MT8797, MT8798",
    "versions": [
      {
        "version": "Android 11.0, 12.0, 13.0, 14.0",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/February-2024

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

4.7 Medium

AI Score

Confidence

High

JSON

Related for CVE-2024-20016

nvd1 prion1 cvelist1