Multiple vulnerabilities in MediaTek chipsets

Published: 2024-08-05

Risk	High
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2024-20082 CVE-2024-20083
CWE-ID	CWE-119 CWE-787
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	MT2735 Mobile applications / Mobile firmware & hardware MT2737 Mobile applications / Mobile firmware & hardware MT6833 Mobile applications / Mobile firmware & hardware MT6835 Mobile applications / Mobile firmware & hardware MT6835T Mobile applications / Mobile firmware & hardware MT6855 Mobile applications / Mobile firmware & hardware MT6875T Mobile applications / Mobile firmware & hardware MT6879 Mobile applications / Mobile firmware & hardware MT6880 Mobile applications / Mobile firmware & hardware MT6886 Mobile applications / Mobile firmware & hardware MT6890 Mobile applications / Mobile firmware & hardware MT6895 Mobile applications / Mobile firmware & hardware MT6895T Mobile applications / Mobile firmware & hardware MT6896 Mobile applications / Mobile firmware & hardware MT6897 Mobile applications / Mobile firmware & hardware MT6980 Mobile applications / Mobile firmware & hardware MT6980D Mobile applications / Mobile firmware & hardware MT6983 Mobile applications / Mobile firmware & hardware MT6985 Mobile applications / Mobile firmware & hardware MT6989 Mobile applications / Mobile firmware & hardware MT6990 Mobile applications / Mobile firmware & hardware MT6765 Mobile applications / Mobile firmware & hardware MT6768 Mobile applications / Mobile firmware & hardware MT8321 Mobile applications / Mobile firmware & hardware MT8385 Mobile applications / Mobile firmware & hardware MT8666 Mobile applications / Mobile firmware & hardware MT8667 Mobile applications / Mobile firmware & hardware MT8755 Mobile applications / Mobile firmware & hardware MT8765 Mobile applications / Mobile firmware & hardware MT8766 Mobile applications / Mobile firmware & hardware MT8768 Mobile applications / Mobile firmware & hardware MT8771 Mobile applications / Mobile firmware & hardware MT8775 Mobile applications / Mobile firmware & hardware MT8781 Mobile applications / Mobile firmware & hardware MT8786 Mobile applications / Mobile firmware & hardware MT8788 Mobile applications / Mobile firmware & hardware MT8789 Mobile applications / Mobile firmware & hardware MT8791T Mobile applications / Mobile firmware & hardware MT8792 Mobile applications / Mobile firmware & hardware MT8795T Mobile applications / Mobile firmware & hardware MT8796 Mobile applications / Mobile firmware & hardware MT8798 Mobile applications / Mobile firmware & hardware MT6853 Hardware solutions / Firmware MT6873 Hardware solutions / Firmware MT6875 Hardware solutions / Firmware MT6877 Hardware solutions / Firmware MT6883 Hardware solutions / Firmware MT6885 Hardware solutions / Firmware MT6889 Hardware solutions / Firmware MT6891 Hardware solutions / Firmware MT6893 Hardware solutions / Firmware MT6779 Hardware solutions / Firmware MT6785 Hardware solutions / Firmware MT8797 Hardware solutions / Firmware
Vendor	MediaTek

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Memory corruption

EUVDB-ID: #VU95375

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-20082

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to a missing bounds check within Modem. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT2735: All versions

MT2737: All versions

MT6833: All versions

MT6835: All versions

MT6835T: All versions

MT6853: All versions

MT6855: All versions

MT6873: All versions

MT6875: All versions

MT6875T: All versions

MT6877: All versions

MT6879: All versions

MT6880: All versions

MT6883: All versions

MT6885: All versions

MT6886: All versions

MT6889: All versions

MT6890: All versions

MT6891: All versions

MT6893: All versions

MT6895: All versions

MT6895T: All versions

MT6896: All versions

MT6897: All versions

MT6980: All versions

MT6980D: All versions

MT6983: All versions

MT6985: All versions

MT6989: All versions

MT6990: All versions

CPE2.3

External links

https://corp.mediatek.com/product-security-bulletin/August-2024

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds write

EUVDB-ID: #VU95376

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-20083

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within venc. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6765: All versions

MT6768: All versions

MT6779: All versions

MT6785: All versions

MT8321: All versions

MT8385: All versions

MT8666: All versions

MT8667: All versions

MT8755: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8771: All versions

MT8775: All versions

MT8781: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791T: All versions

MT8792: All versions

MT8795T: All versions

MT8796: All versions

MT8797: All versions

MT8798: All versions