Skip to main content

Yocto CVE-2024-20099

MEDIUM
Out-of-bounds Write (CWE-787)
2024-10-07 security@mediatek.com
6.7
CVSS 3.1 · Vendor: mediatek
Share

Severity by source

Vendor (mediatek) PRIMARY
6.7 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (mediatek) · only source for this CVE.

CVSS VectorVendor: mediatek

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 07, 2024 - 03:15 cve.org
MEDIUM 6.7

DescriptionCVE.org

In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08997492; Issue ID: MSV-1625.

AnalysisAI

In power, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08997492; Issue ID: MSV-1625. Affected products include: Linuxfoundation Yocto, Google Android.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

More in Yocto

View all
CVE-2024-20080 CRITICAL
9.8 Jul 01

In gnss service, there is a possible escalation of privilege due to improper certificate validation. Rated critical seve

CVE-2024-25626 CRITICAL
9.8 Feb 19

Yocto Project is an open source collaboration project that helps developers create custom Linux-based systems regardless

CVE-2022-26447 CRITICAL
9.8 Sep 06

In BT firmware, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8

CVE-2024-20040 HIGH
8.8 Apr 01

In wlan firmware, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 8.

CVE-2024-20104 HIGH
8.4 Nov 04

In da, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.4), this vulne

CVE-2024-20053 HIGH
8.4 Apr 01

In flashc, there is a possible out of bounds write due to an uncaught exception. Rated high severity (CVSS 8.4), this vu

CVE-2025-61611 HIGH
7.5 Mar 09

In modem, there is a possible improper input validation. This could lead to remote denial of service with no additional

CVE-2024-20089 HIGH
7.5 Sep 02

In wlan, there is a possible denial of service due to incorrect error handling. Rated high severity (CVSS 7.5), this vul

CVE-2023-32820 HIGH
7.5 Oct 02

In wlan firmware, there is a possible firmware assertion due to improper input handling. Rated high severity (CVSS 7.5),

CVE-2023-20693 HIGH
7.5 Jul 04

In wlan firmware, there is possible system crash due to an uncaught exception. Rated high severity (CVSS 7.5), this vuln

CVE-2023-20692 HIGH
7.5 Jul 04

In wlan firmware, there is possible system crash due to an uncaught exception. Rated high severity (CVSS 7.5), this vuln

CVE-2023-20691 HIGH
7.5 Jul 04

In wlan firmware, there is possible system crash due to an integer overflow. Rated high severity (CVSS 7.5), this vulner

Share

CVE-2024-20099 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy