SB2024120356 - Multiple vulnerabilities in MediaTek chipsets

Description

This security bulletin contains information about 15 secuirty vulnerabilities.

1) Out-of-bounds write (CVE-ID: CVE-2024-20135)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within soundtrigger. A local privileged application can execute arbitrary code.

2) Reachable Assertion (CVE-ID: CVE-2024-20139)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to improper handling of exceptional conditions within Bluetooth. A local application can perform service disruption.

3) Out-of-bounds read (CVE-ID: CVE-2024-20138)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within wlan. A local application can gain access to sensitive information.

4) Out-of-bounds read (CVE-ID: CVE-2024-20116)

The vulnerability allows a local privileged application to gain access to sensitive information.

The vulnerability exists due to a missing bounds check within cmdq. A local privileged application can gain access to sensitive information.

5) Uncaught Exception (CVE-ID: CVE-2024-20137)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to improper handling of exceptional conditions within wlan. A local application can perform service disruption.

6) Out-of-bounds read (CVE-ID: CVE-2024-20136)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a missing bounds check within DA. A local application can gain access to sensitive information.

7) Out-of-bounds write (CVE-ID: CVE-2024-20134)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within ril. A local privileged application can execute arbitrary code.

8) Out-of-bounds write (CVE-ID: CVE-2024-20125)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within vdec. A local application can execute arbitrary code.

9) Out-of-bounds write (CVE-ID: CVE-2024-20133)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to an incorrect bounds check within Modem. A local privileged application can execute arbitrary code.

10) Out-of-bounds write (CVE-ID: CVE-2024-20132)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a mission bounds check within Modem. A local application can execute arbitrary code.

11) Out-of-bounds write (CVE-ID: CVE-2024-20131)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to an incorrect bounds check within Modem. A local privileged application can execute arbitrary code.

12) Stack-based buffer overflow (CVE-ID: CVE-2024-20130)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within power. A local privileged application can execute arbitrary code.

13) Out-of-bounds read (CVE-ID: CVE-2024-20127)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to a missing bounds check within Telephony. A local application can perform service disruption.

14) Out-of-bounds read (CVE-ID: CVE-2024-20128)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to a missing bounds check within Telephony. A local application can perform service disruption.

15) Out-of-bounds read (CVE-ID: CVE-2024-20129)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to a missing bounds check within Telephony. A local application can perform service disruption.

Remediation

Install update from vendor's website.

References

• https://corp.mediatek.com/product-security-bulletin/December-2024