Lucene search

[email protected]NVD:CVE-2024-20021

HistoryMay 06, 2024 - 3:15 a.m.

CVE-2024-20021

2024-05-0603:15:09

CWE-269

[email protected]

web.nvd.nist.gov

atf spm

memory remapping

local privilege escalation

logic error

patch alps08584568

issue msv-1249

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

Percentile

9.0%

JSON

In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID: MSV-1249.

References

corp.mediatek.com/product-security-bulletin/May-2024

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2024-20021

vulnrichment1 cve1 cvelist1