CVE-2024-20138

EPSS 0.14%
Published 02.12.2024 04:15:06
Last modified 22.04.2025 13:49:26
Source security@mediatek.com
Teams watchlist Login
Open Login

In wlan driver, there is a possible out of bound read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998291; Issue ID: MSV-1604.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Mediatek ≫ Software Development Kit Version <= 3.3

   Mediatek ≫ Mt3605 Version-
   Mediatek ≫ Mt6985 Version-
   Mediatek ≫ Mt6989 Version-
   Mediatek ≫ Mt6990 Version-
   Mediatek ≫ Mt7925 Version-
   Mediatek ≫ Mt7927 Version-
   Mediatek ≫ Mt8195 Version-
   Mediatek ≫ Mt8370 Version-
   Mediatek ≫ Mt8390 Version-

Google ≫ Android Version13.0

Google ≫ Android Version14.0

Google ≫ Android Version15.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.14%	0.353

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://corp.mediatek.com/product-security-bulletin/December-2024

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-20138

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-20138

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-20138

EUVD