SB2024040143 - Multiple vulnerabilities in MediaTek chipsets
Published: April 1, 2024
Description
This security bulletin contains information about 19 security vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2024-20047)
The vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to an integer overflow within battery. A local privileged application can gain access to sensitive information.
2) Information exposure (CVE-ID: CVE-2024-20055)
The vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to a missing bounds check within imgsys. A local privileged application can gain access to sensitive information.
3) Improper input validation (CVE-ID: CVE-2024-20054)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within gnss. A local privileged application can execute arbitrary code.
4) Improper Check or Handling of Exceptional Conditions (CVE-ID: CVE-2024-20053)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to an uncaught exception within flashc. A local privileged application can execute arbitrary code.
5) Improper Check or Handling of Exceptional Conditions (CVE-ID: CVE-2024-20052)
The vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to an uncaught exception within flashc. A local privileged application can gain access to sensitive information.
6) Improper Check or Handling of Exceptional Conditions (CVE-ID: CVE-2024-20051)
The vulnerability allows a local privileged application to perform service disruption.
The vulnerability exists due to an uncaught exception within flashc. A local privileged application can perform service disruption.
7) Improper Check or Handling of Exceptional Conditions (CVE-ID: CVE-2024-20050)
The vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to an uncaught exception within flashc. A local privileged application can gain access to sensitive information.
8) Improper Check or Handling of Exceptional Conditions (CVE-ID: CVE-2024-20049)
The vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to an uncaught exception within flashc. A local privileged application can gain access to sensitive information.
9) Improper Check or Handling of Exceptional Conditions (CVE-ID: CVE-2024-20048)
The vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to an uncaught exception within flashc. A local privileged application can gain access to sensitive information.
10) Integer overflow (CVE-ID: CVE-2024-20046)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to an integer overflow within battery. A local privileged application can execute arbitrary code.
11) Out-of-bounds write (CVE-ID: CVE-2024-20039)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to a missing bounds check within Modem Protocol. A remote attacker can trick the victim into opening a specially crafted file and execute arbitrary code.
12) Out-of-bounds read (CVE-ID: CVE-2024-20045)
The vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to an incorrect calculation of buffer size within audio. A local privileged application can gain access to sensitive information.
13) Improper Check or Handling of Exceptional Conditions (CVE-ID: CVE-2024-20044)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within da. A local privileged application can execute arbitrary code.
14) Improper Check or Handling of Exceptional Conditions (CVE-ID: CVE-2024-20043)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within da. A local privileged application can execute arbitrary code.
15) Improper Check or Handling of Exceptional Conditions (CVE-ID: CVE-2024-20042)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within da. A local privileged application can execute arbitrary code.
16) Improper Check or Handling of Exceptional Conditions (CVE-ID: CVE-2024-20041)
The vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to a missing bounds check within da. A local privileged application can gain access to sensitive information.
17) Man-in-the-middle attack (CVE-ID: CVE-2018-5383)
The vulnerability allows an adjacent attacker to conduct a man-in-the-middle attack on the target system.
The weakness exists in the Bluetooth Low Energy (BLE) implementation of Secure Connections mode due to insufficient validation of the elliptic curve parameters that are used to generate public keys during a Diffie-Hellman key exchange when the affected software performs device pairing operations. An adjacent attacker can intercept the public key exchange between the two targeted systems and inject a malicious public key to aid in determining the session key, access sensitive information, or forge and modify messages, which could be used to inject malicious software on the targeted system.
18) Improper input validation (CVE-ID: CVE-2024-20040)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within wlan firmware. A local application can execute arbitrary code.
19) NULL Pointer Dereference (CVE-ID: CVE-2023-32890)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to improper input validation within Modem EMM. A local application can perform service disruption.
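For entry 17 (CVE-2018-5383), the missing check is validation of the peer's public key before it is used in the Diffie-Hellman exchange. The following is an added example, not code from this bulletin or from any vendor: it verifies that a received key is a point on P-256. The function names and the 64-byte little-endian X||Y layout are assumptions of the example.

```python
# P-256 (secp256r1) domain parameters, the curve used by LE Secure Connections.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
# Base point, used here only to build constructed sample input.
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


def is_valid_p256_public_key(x: int, y: int) -> bool:
    """Return True only if (x, y) is a point on P-256."""
    # Both coordinates must be reduced field elements.
    if not (0 <= x < P and 0 <= y < P):
        return False
    # Curve equation: y^2 = x^3 + a*x + b (mod p). P-256 has cofactor 1,
    # so an on-curve affine point is already in the correct group.
    return (y * y - (x * x * x + A * x + B)) % P == 0


def parse_peer_public_key(raw: bytes) -> tuple[int, int]:
    """Decode a 64-byte X||Y key (assumed little-endian) and validate it.

    Raises ValueError instead of returning a key that must not reach ECDH.
    """
    if len(raw) != 64:
        raise ValueError("public key must be 64 bytes")
    x = int.from_bytes(raw[:32], "little")
    y = int.from_bytes(raw[32:], "little")
    if not is_valid_p256_public_key(x, y):
        raise ValueError("public key is not on P-256; abort pairing")
    return x, y


if __name__ == "__main__":
    # Constructed sample input: the base point, then the same key with Y altered.
    good = GX.to_bytes(32, "little") + GY.to_bytes(32, "little")
    print(parse_peer_public_key(good) == (GX, GY))
    bad = GX.to_bytes(32, "little") + (GY ^ 1).to_bytes(32, "little")
    try:
        parse_peer_public_key(bad)
    except ValueError as exc:
        print("rejected:", exc)
```

A pairing implementation would run this check on every received public key and terminate pairing on failure, before any shared secret is derived.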
Remediation
Install update from vendor's website.