CVE-2024-20020

2024-03-0403:15:07

[email protected]

web.nvd.nist.gov

optee

out of bounds write

information disclosure

system execution privileges

cve-2024-20020

nvd

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.7%

JSON

In OPTEE, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08522504; Issue ID: ALPS08522504.

VendorProductVersionCPE
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
mediatekmt2713*cpe:2.3:h:mediatek:mt2713:*:*:*:*:*:*:*:*
mediatekmt2715*cpe:2.3:h:mediatek:mt2715:*:*:*:*:*:*:*:*
mediatekmt8173*cpe:2.3:h:mediatek:mt8173:*:*:*:*:*:*:*:*
mediatekmt8188*cpe:2.3:h:mediatek:mt8188:*:*:*:*:*:*:*:*
mediatekmt8195*cpe:2.3:h:mediatek:mt8195:*:*:*:*:*:*:*:*
mediatekmt8390*cpe:2.3:h:mediatek:mt8390:*:*:*:*:*:*:*:*
mediatekmt8395*cpe:2.3:h:mediatek:mt8395:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	*	cpe:2.3:o:google:android::::::::
mediatek	mt2713	*	cpe:2.3:h:mediatek:mt2713::::::::
mediatek	mt2715	*	cpe:2.3:h:mediatek:mt2715::::::::
mediatek	mt8173	*	cpe:2.3:h:mediatek:mt8173::::::::
mediatek	mt8188	*	cpe:2.3:h:mediatek:mt8188::::::::
mediatek	mt8195	*	cpe:2.3:h:mediatek:mt8195::::::::
mediatek	mt8390	*	cpe:2.3:h:mediatek:mt8390::::::::
mediatek	mt8395	*	cpe:2.3:h:mediatek:mt8395::::::::

References

corp.mediatek.com/product-security-bulletin/March-2024