CVE-2024-20034 - Vulnerability Details

In battery, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08488849; Issue ID: ALPS08488849.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Android
Mediatek	Mt6761 Mt6765 Mt6768 Mt6855 Mt6895 Mt8167 Mt8168 Mt8188 Mt8321 Mt8765 Mt8766 Mt8768 Mt8781 Mt8786 Mt8788 Mt8789 Mt8791t Mt8797 Mt8798

Configuration 1 [-]

AND

OR	cpe:2.3:o:google:android:12.0:::::::*
	cpe:2.3:o:google:android:13.0:::::::*
	cpe:2.3:o:google:android:14.0:::::::*

OR	cpe:2.3:h:mediatek:mt6761:-:::::::*
	cpe:2.3:h:mediatek:mt6765:-:::::::*
	cpe:2.3:h:mediatek:mt6768:-:::::::*
	cpe:2.3:h:mediatek:mt6855:-:::::::*
	cpe:2.3:h:mediatek:mt6895:-:::::::*
	cpe:2.3:h:mediatek:mt8167:-:::::::*
	cpe:2.3:h:mediatek:mt8168:-:::::::*
	cpe:2.3:h:mediatek:mt8188:-:::::::*
	cpe:2.3:h:mediatek:mt8321:-:::::::*
	cpe:2.3:h:mediatek:mt8765:-:::::::*
	cpe:2.3:h:mediatek:mt8766:-:::::::*
	cpe:2.3:h:mediatek:mt8768:-:::::::*
	cpe:2.3:h:mediatek:mt8781:-:::::::*
	cpe:2.3:h:mediatek:mt8786:-:::::::*
	cpe:2.3:h:mediatek:mt8788:-:::::::*
	cpe:2.3:h:mediatek:mt8789:-:::::::*
	cpe:2.3:h:mediatek:mt8791t:-:::::::*
	cpe:2.3:h:mediatek:mt8797:-:::::::*
	cpe:2.3:h:mediatek:mt8798:-:::::::*

No data.

References

Link	Providers
https://corp.mediatek.com/product-security-bulletin/March-2024

History

Tue, 22 Apr 2025 20:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Google Google android Mediatek Mediatek mt6761 Mediatek mt6765 Mediatek mt6768 Mediatek mt6855 Mediatek mt6895 Mediatek mt8167 Mediatek mt8168 Mediatek mt8188 Mediatek mt8321 Mediatek mt8765 Mediatek mt8766 Mediatek mt8768 Mediatek mt8781 Mediatek mt8786 Mediatek mt8788 Mediatek mt8789 Mediatek mt8791t Mediatek mt8797 Mediatek mt8798
CPEs		cpe:2.3:h:mediatek:mt6761:-:::::::* cpe:2.3:h:mediatek:mt6765:-:::::::* cpe:2.3:h:mediatek:mt6768:-:::::::* cpe:2.3:h:mediatek:mt6855:-:::::::* cpe:2.3:h:mediatek:mt6895:-:::::::* cpe:2.3:h:mediatek:mt8167:-:::::::* cpe:2.3:h:mediatek:mt8168:-:::::::* cpe:2.3:h:mediatek:mt8188:-:::::::* cpe:2.3:h:mediatek:mt8321:-:::::::* cpe:2.3:h:mediatek:mt8765:-:::::::* cpe:2.3:h:mediatek:mt8766:-:::::::* cpe:2.3:h:mediatek:mt8768:-:::::::* cpe:2.3:h:mediatek:mt8781:-:::::::* cpe:2.3:h:mediatek:mt8786:-:::::::* cpe:2.3:h:mediatek:mt8788:-:::::::* cpe:2.3:h:mediatek:mt8789:-:::::::* cpe:2.3:h:mediatek:mt8791t:-:::::::* cpe:2.3:h:mediatek:mt8797:-:::::::* cpe:2.3:h:mediatek:mt8798:-:::::::* cpe:2.3:o:google:android:12.0:::::::* cpe:2.3:o:google:android:13.0:::::::* cpe:2.3:o:google:android:14.0:::::::*
Vendors & Products		Google Google android Mediatek Mediatek mt6761 Mediatek mt6765 Mediatek mt6768 Mediatek mt6855 Mediatek mt6895 Mediatek mt8167 Mediatek mt8168 Mediatek mt8188 Mediatek mt8321 Mediatek mt8765 Mediatek mt8766 Mediatek mt8768 Mediatek mt8781 Mediatek mt8786 Mediatek mt8788 Mediatek mt8789 Mediatek mt8791t Mediatek mt8797 Mediatek mt8798

MITRE

Status: PUBLISHED

Assigner: MediaTek

Published: 2024-03-04T02:43:50.219Z

Updated: 2024-08-01T21:52:31.759Z

Reserved: 2023-11-02T13:35:35.153Z

Link: CVE-2024-20034

Vulnrichment

Updated: 2024-08-01T21:52:31.759Z

NVD

Status : Analyzed

Published: 2024-03-04T03:15:07.673

Modified: 2025-04-22T20:23:07.077

Link: CVE-2024-20034

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object