CVE-2024-20049 - Vulnerability Details

In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541765; Issue ID: ALPS08541765.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Google	Android
Linuxfoundation	Yocto
Mediatek	Mt2713 Mt2737 Mt6781 Mt6789 Mt6835 Mt6855 Mt6879 Mt6880 Mt6886 Mt6890 Mt6895 Mt6980 Mt6983 Mt6985 Mt6989 Mt6990 Mt8167 Mt8168 Mt8173 Mt8175 Mt8188 Mt8195 Mt8321 Mt8362a Mt8365 Mt8385 Mt8390 Mt8395 Mt8666 Mt8667 Mt8673 Mt8765 Mt8766 Mt8768 Mt8781 Mt8786 Mt8788 Mt8789 Mt8791 Mt8791t Mt8796 Mt8797 Mt8798
Openwrt	Openwrt
Rdkcentral	Rdk-b

Configuration 1 [-]

AND

OR	cpe:2.3:a:linuxfoundation:yocto:3.3:::::::*
	cpe:2.3:a:rdkcentral:rdk-b:2022q3:::::::*
	cpe:2.3:o:google:android:12.0:::::::*
	cpe:2.3:o:google:android:13.0:::::::*
	cpe:2.3:o:openwrt:openwrt:19.07.0:-::::::
	cpe:2.3:o:openwrt:openwrt:21.02.0:-::::::

OR	cpe:2.3:h:mediatek:mt2713:-:::::::*
	cpe:2.3:h:mediatek:mt2737:-:::::::*
	cpe:2.3:h:mediatek:mt6781:-:::::::*
	cpe:2.3:h:mediatek:mt6789:-:::::::*
	cpe:2.3:h:mediatek:mt6835:-:::::::*
	cpe:2.3:h:mediatek:mt6855:-:::::::*
	cpe:2.3:h:mediatek:mt6879:-:::::::*
	cpe:2.3:h:mediatek:mt6880:-:::::::*
	cpe:2.3:h:mediatek:mt6886:-:::::::*
	cpe:2.3:h:mediatek:mt6890:-:::::::*
	cpe:2.3:h:mediatek:mt6895:-:::::::*
	cpe:2.3:h:mediatek:mt6980:-:::::::*
	cpe:2.3:h:mediatek:mt6983:-:::::::*
	cpe:2.3:h:mediatek:mt6985:-:::::::*
	cpe:2.3:h:mediatek:mt6989:-:::::::*
	cpe:2.3:h:mediatek:mt6990:-:::::::*
	cpe:2.3:h:mediatek:mt8167:-:::::::*
	cpe:2.3:h:mediatek:mt8168:-:::::::*
	cpe:2.3:h:mediatek:mt8173:-:::::::*
	cpe:2.3:h:mediatek:mt8175:-:::::::*
	cpe:2.3:h:mediatek:mt8188:-:::::::*
	cpe:2.3:h:mediatek:mt8195:-:::::::*
	cpe:2.3:h:mediatek:mt8321:-:::::::*
	cpe:2.3:h:mediatek:mt8362a:-:::::::*
	cpe:2.3:h:mediatek:mt8365:-:::::::*
	cpe:2.3:h:mediatek:mt8385:-:::::::*
	cpe:2.3:h:mediatek:mt8390:-:::::::*
	cpe:2.3:h:mediatek:mt8395:-:::::::*
	cpe:2.3:h:mediatek:mt8666:-:::::::*
	cpe:2.3:h:mediatek:mt8667:-:::::::*
	cpe:2.3:h:mediatek:mt8673:-:::::::*
	cpe:2.3:h:mediatek:mt8765:-:::::::*
	cpe:2.3:h:mediatek:mt8766:-:::::::*
	cpe:2.3:h:mediatek:mt8768:-:::::::*
	cpe:2.3:h:mediatek:mt8781:-:::::::*
	cpe:2.3:h:mediatek:mt8786:-:::::::*
	cpe:2.3:h:mediatek:mt8788:-:::::::*
	cpe:2.3:h:mediatek:mt8789:-:::::::*
	cpe:2.3:h:mediatek:mt8791:-:::::::*
	cpe:2.3:h:mediatek:mt8791t:-:::::::*
	cpe:2.3:h:mediatek:mt8796:-:::::::*
	cpe:2.3:h:mediatek:mt8797:-:::::::*
	cpe:2.3:h:mediatek:mt8798:-:::::::*

No data.

References

Link	Providers
https://corp.mediatek.com/product-security-bulletin/April-2024

History

Wed, 23 Apr 2025 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Google Google android Linuxfoundation Linuxfoundation yocto Mediatek Mediatek mt2713 Mediatek mt2737 Mediatek mt6781 Mediatek mt6789 Mediatek mt6835 Mediatek mt6855 Mediatek mt6879 Mediatek mt6880 Mediatek mt6886 Mediatek mt6890 Mediatek mt6895 Mediatek mt6980 Mediatek mt6983 Mediatek mt6985 Mediatek mt6989 Mediatek mt6990 Mediatek mt8167 Mediatek mt8168 Mediatek mt8173 Mediatek mt8175 Mediatek mt8188 Mediatek mt8195 Mediatek mt8321 Mediatek mt8362a Mediatek mt8365 Mediatek mt8385 Mediatek mt8390 Mediatek mt8395 Mediatek mt8666 Mediatek mt8667 Mediatek mt8673 Mediatek mt8765 Mediatek mt8766 Mediatek mt8768 Mediatek mt8781 Mediatek mt8786 Mediatek mt8788 Mediatek mt8789 Mediatek mt8791 Mediatek mt8791t Mediatek mt8796 Mediatek mt8797 Mediatek mt8798 Openwrt Openwrt openwrt Rdkcentral Rdkcentral rdk-b
CPEs		cpe:2.3:a:linuxfoundation:yocto:3.3:::::::* cpe:2.3:a:rdkcentral:rdk-b:2022q3:::::::* cpe:2.3:h:mediatek:mt2713:-:::::::* cpe:2.3:h:mediatek:mt2737:-:::::::* cpe:2.3:h:mediatek:mt6781:-:::::::* cpe:2.3:h:mediatek:mt6789:-:::::::* cpe:2.3:h:mediatek:mt6835:-:::::::* cpe:2.3:h:mediatek:mt6855:-:::::::* cpe:2.3:h:mediatek:mt6879:-:::::::* cpe:2.3:h:mediatek:mt6880:-:::::::* cpe:2.3:h:mediatek:mt6886:-:::::::* cpe:2.3:h:mediatek:mt6890:-:::::::* cpe:2.3:h:mediatek:mt6895:-:::::::* cpe:2.3:h:mediatek:mt6980:-:::::::* cpe:2.3:h:mediatek:mt6983:-:::::::* cpe:2.3:h:mediatek:mt6985:-:::::::* cpe:2.3:h:mediatek:mt6989:-:::::::* cpe:2.3:h:mediatek:mt6990:-:::::::* cpe:2.3:h:mediatek:mt8167:-:::::::* cpe:2.3:h:mediatek:mt8168:-:::::::* cpe:2.3:h:mediatek:mt8173:-:::::::* cpe:2.3:h:mediatek:mt8175:-:::::::* cpe:2.3:h:mediatek:mt8188:-:::::::* cpe:2.3:h:mediatek:mt8195:-:::::::* cpe:2.3:h:mediatek:mt8321:-:::::::* cpe:2.3:h:mediatek:mt8362a:-:::::::* cpe:2.3:h:mediatek:mt8365:-:::::::* cpe:2.3:h:mediatek:mt8385:-:::::::* cpe:2.3:h:mediatek:mt8390:-:::::::* cpe:2.3:h:mediatek:mt8395:-:::::::* cpe:2.3:h:mediatek:mt8666:-:::::::* cpe:2.3:h:mediatek:mt8667:-:::::::* cpe:2.3:h:mediatek:mt8673:-:::::::* cpe:2.3:h:mediatek:mt8765:-:::::::* cpe:2.3:h:mediatek:mt8766:-:::::::* cpe:2.3:h:mediatek:mt8768:-:::::::* cpe:2.3:h:mediatek:mt8781:-:::::::* cpe:2.3:h:mediatek:mt8786:-:::::::* cpe:2.3:h:mediatek:mt8788:-:::::::* cpe:2.3:h:mediatek:mt8789:-:::::::* cpe:2.3:h:mediatek:mt8791:-:::::::* cpe:2.3:h:mediatek:mt8791t:-:::::::* cpe:2.3:h:mediatek:mt8796:-:::::::* cpe:2.3:h:mediatek:mt8797:-:::::::* cpe:2.3:h:mediatek:mt8798:-:::::::* cpe:2.3:o:google:android:12.0:::::::* cpe:2.3:o:google:android:13.0:::::::* cpe:2.3:o:openwrt:openwrt:19.07.0:-:::::: cpe:2.3:o:openwrt:openwrt:21.02.0:-::::::
Vendors & Products		Google Google android Linuxfoundation Linuxfoundation yocto Mediatek Mediatek mt2713 Mediatek mt2737 Mediatek mt6781 Mediatek mt6789 Mediatek mt6835 Mediatek mt6855 Mediatek mt6879 Mediatek mt6880 Mediatek mt6886 Mediatek mt6890 Mediatek mt6895 Mediatek mt6980 Mediatek mt6983 Mediatek mt6985 Mediatek mt6989 Mediatek mt6990 Mediatek mt8167 Mediatek mt8168 Mediatek mt8173 Mediatek mt8175 Mediatek mt8188 Mediatek mt8195 Mediatek mt8321 Mediatek mt8362a Mediatek mt8365 Mediatek mt8385 Mediatek mt8390 Mediatek mt8395 Mediatek mt8666 Mediatek mt8667 Mediatek mt8673 Mediatek mt8765 Mediatek mt8766 Mediatek mt8768 Mediatek mt8781 Mediatek mt8786 Mediatek mt8788 Mediatek mt8789 Mediatek mt8791 Mediatek mt8791t Mediatek mt8796 Mediatek mt8797 Mediatek mt8798 Openwrt Openwrt openwrt Rdkcentral Rdkcentral rdk-b

Thu, 13 Mar 2025 17:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-248
Metrics		cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: MediaTek

Published: 2024-04-01T02:35:11.038Z

Updated: 2025-03-13T16:44:57.311Z

Reserved: 2023-11-02T13:35:35.158Z

Link: CVE-2024-20049

Vulnrichment

Updated: 2024-08-01T21:52:31.648Z

NVD

Status : Analyzed

Published: 2024-04-01T03:15:08.337

Modified: 2025-04-23T13:47:38.603

Link: CVE-2024-20049

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object