Main Vulnerability Database SB2024070162

SB2024070162 - Multiple vulnerabilities in MediaTek chipsets

Published: July 1, 2024

Security Bulletin ID SB2024070162

Severity

Low

Patch available

YES

Number of vulnerabilities 6

Exploitation vector Local access

Highest impact Code execution

Description

This security bulletin contains information about 6 secuirty vulnerabilities.

1) Memory corruption (CVE-ID: CVE-2024-20077)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to incorrect error handling within Modem. A local application can perform service disruption.

2) Memory corruption (CVE-ID: CVE-2024-20076)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to incorrect error handling within Modem. A local application can perform service disruption.

3) Type confusion (CVE-ID: CVE-2024-20078)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to type confusion within venc. A local privileged application can execute arbitrary code.

4) Out-of-bounds write (CVE-ID: CVE-2024-20079)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation within gnss. A local privileged application can execute arbitrary code.

5) Improper Certificate Validation (CVE-ID: CVE-2024-20080)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper certificate validation within gnss. A local application can execute arbitrary code.

6) Out-of-bounds write (CVE-ID: CVE-2024-20081)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation within gnss. A local privileged application can execute arbitrary code.

Install update from vendor's website.