CVE-2024-20021 - Vulnerability Details

In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID: MSV-1249.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Google	Android
Mediatek	Mt6768 Mt6781 Mt6785 Mt6833 Mt6853 Mt6873 Mt6877 Mt6885 Mt6893 Mt8168 Mt8183 Mt8188 Mt8188t Mt8195 Mt8195z Mt8321 Mt8362a Mt8365 Mt8385 Mt8666 Mt8666a Mt8666b Mt8667 Mt8673 Mt8675 Mt8676 Mt8678 Mt8765 Mt8766 Mt8766z Mt8768 Mt8768a Mt8768b Mt8768t Mt8768z Mt8781 Mt8786 Mt8788 Mt8788t Mt8788x Mt8788z Mt8792 Mt8795t Mt8796 Mt8798

Configuration 1 [-]

AND

OR	cpe:2.3:o:google:android:12.0:::::::*
	cpe:2.3:o:google:android:13.0:::::::*
	cpe:2.3:o:google:android:14.0:::::::*

OR	cpe:2.3:h:mediatek:mt6768:-:::::::*
	cpe:2.3:h:mediatek:mt6781:-:::::::*
	cpe:2.3:h:mediatek:mt6785:-:::::::*
	cpe:2.3:h:mediatek:mt6833:-:::::::*
	cpe:2.3:h:mediatek:mt6853:-:::::::*
	cpe:2.3:h:mediatek:mt6873:-:::::::*
	cpe:2.3:h:mediatek:mt6877:-:::::::*
	cpe:2.3:h:mediatek:mt6885:-:::::::*
	cpe:2.3:h:mediatek:mt6893:-:::::::*
	cpe:2.3:h:mediatek:mt8168:-:::::::*
	cpe:2.3:h:mediatek:mt8183:-:::::::*
	cpe:2.3:h:mediatek:mt8188:-:::::::*
	cpe:2.3:h:mediatek:mt8188t:-:::::::*
	cpe:2.3:h:mediatek:mt8195:-:::::::*
	cpe:2.3:h:mediatek:mt8195z:-:::::::*
	cpe:2.3:h:mediatek:mt8321:-:::::::*
	cpe:2.3:h:mediatek:mt8362a:-:::::::*
	cpe:2.3:h:mediatek:mt8365:-:::::::*
	cpe:2.3:h:mediatek:mt8385:-:::::::*
	cpe:2.3:h:mediatek:mt8666:-:::::::*
	cpe:2.3:h:mediatek:mt8666a:-:::::::*
	cpe:2.3:h:mediatek:mt8666b:-:::::::*
	cpe:2.3:h:mediatek:mt8667:-:::::::*
	cpe:2.3:h:mediatek:mt8673:-:::::::*
	cpe:2.3:h:mediatek:mt8675:-:::::::*
	cpe:2.3:h:mediatek:mt8676:-:::::::*
	cpe:2.3:h:mediatek:mt8678:-:::::::*
	cpe:2.3:h:mediatek:mt8765:-:::::::*
	cpe:2.3:h:mediatek:mt8766:-:::::::*
	cpe:2.3:h:mediatek:mt8766z:-:::::::*
	cpe:2.3:h:mediatek:mt8768:-:::::::*
	cpe:2.3:h:mediatek:mt8768a:-:::::::*
	cpe:2.3:h:mediatek:mt8768b:-:::::::*
	cpe:2.3:h:mediatek:mt8768t:-:::::::*
	cpe:2.3:h:mediatek:mt8768z:-:::::::*
	cpe:2.3:h:mediatek:mt8781:-:::::::*
	cpe:2.3:h:mediatek:mt8786:-:::::::*
	cpe:2.3:h:mediatek:mt8788:-:::::::*
	cpe:2.3:h:mediatek:mt8788t:-:::::::*
	cpe:2.3:h:mediatek:mt8788x:-:::::::*
	cpe:2.3:h:mediatek:mt8788z:-:::::::*
	cpe:2.3:h:mediatek:mt8792:-:::::::*
	cpe:2.3:h:mediatek:mt8795t:-:::::::*
	cpe:2.3:h:mediatek:mt8796:-:::::::*
	cpe:2.3:h:mediatek:mt8798:-:::::::*

No data.

References

Link	Providers
https://corp.mediatek.com/product-security-bulletin/May-2024

History

Wed, 30 Apr 2025 17:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Google Google android Mediatek mt8385 Mediatek mt8666b Mediatek mt8676 Mediatek mt8678
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:h:mediatek:mt6768:-:::::::* cpe:2.3:h:mediatek:mt8385:-:::::::* cpe:2.3:h:mediatek:mt8666b:-:::::::* cpe:2.3:h:mediatek:mt8676:-:::::::* cpe:2.3:h:mediatek:mt8678:-:::::::* cpe:2.3:o:google:android:12.0:::::::* cpe:2.3:o:google:android:13.0:::::::* cpe:2.3:o:google:android:14.0:::::::*
Vendors & Products		Google Google android Mediatek mt8385 Mediatek mt8666b Mediatek mt8676 Mediatek mt8678

MITRE

Status: PUBLISHED

Assigner: MediaTek

Published: 2024-05-06T02:52:01.865Z

Updated: 2024-08-01T21:52:31.733Z

Reserved: 2023-11-02T13:35:35.151Z

Link: CVE-2024-20021

Vulnrichment

Updated: 2024-05-10T16:14:05.762Z

NVD

Status : Analyzed

Published: 2024-05-06T03:15:09.477

Modified: 2025-04-30T16:42:17.380

Link: CVE-2024-20021

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object