Lucene search

[email protected]CVE-2024-20045

HistoryApr 01, 2024 - 3:15 a.m.

CVE-2024-20045

2024-04-0103:15:08

[email protected]

web.nvd.nist.gov

cve-2024-20045

incorrect calculation of buffer size

local information disclosure

system execution privileges

user interaction not needed

patch alps08024748

issue alps08029526

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

In audio, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08024748; Issue ID: ALPS08029526.

Affected configurations

Vulners

Node

googleandroidRange<12.0

googleandroidRange<13.0

googleandroidRange<14.0

mediatekmt6833

mediatekmt6835

mediatekmt6853

mediatekmt6853t

mediatekmt6855

mediatekmt6873

mediatekmt6875

mediatekmt6877

mediatekmt6879

mediatekmt6883

mediatekmt6885

mediatekmt6886

mediatekmt6889

mediatekmt6983

mediatekmt6985

mediatekmt6989

mediatekmt8167

mediatekmt8167s

mediatekmt8168

mediatekmt8188

mediatekmt8195

mediatekmt8321

mediatekmt8385

mediatekmt8765

mediatekmt8766

mediatekmt8768

mediatekmt8781

mediatekmt8786

mediatekmt8788

mediatekmt8789

mediatekmt8791

mediatekmt8797

mediatekmt8798

VendorProductVersionCPE
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
mediatekmt6833*cpe:2.3:h:mediatek:mt6833:*:*:*:*:*:*:*:*
mediatekmt6835*cpe:2.3:h:mediatek:mt6835:*:*:*:*:*:*:*:*
mediatekmt6853*cpe:2.3:h:mediatek:mt6853:*:*:*:*:*:*:*:*
mediatekmt6853t*cpe:2.3:h:mediatek:mt6853t:*:*:*:*:*:*:*:*
mediatekmt6855*cpe:2.3:h:mediatek:mt6855:*:*:*:*:*:*:*:*
mediatekmt6873*cpe:2.3:h:mediatek:mt6873:*:*:*:*:*:*:*:*
mediatekmt6875*cpe:2.3:h:mediatek:mt6875:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	*	cpe:2.3:o:google:android::::::::
google	android	*	cpe:2.3:o:google:android::::::::
google	android	*	cpe:2.3:o:google:android::::::::
mediatek	mt6833	*	cpe:2.3:h:mediatek:mt6833::::::::
mediatek	mt6835	*	cpe:2.3:h:mediatek:mt6835::::::::
mediatek	mt6853	*	cpe:2.3:h:mediatek:mt6853::::::::
mediatek	mt6853t	*	cpe:2.3:h:mediatek:mt6853t::::::::
mediatek	mt6855	*	cpe:2.3:h:mediatek:mt6855::::::::
mediatek	mt6873	*	cpe:2.3:h:mediatek:mt6873::::::::
mediatek	mt6875	*	cpe:2.3:h:mediatek:mt6875::::::::

Rows per page:

1-10 of 361

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6983, MT6985, MT6989, MT8167, MT8167S, MT8168, MT8188, MT8195, MT8321, MT8385, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8797, MT8798",
    "versions": [
      {
        "version": "Android 12.0, 13.0, 14.0",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/April-2024