CVE-2024-20055 - Vulnerability Details

In imgsys, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation Patch ID: ALPS08518692; Issue ID: MSV-1012.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Google	Android
Linuxfoundation	Yocto
Mediatek	Iot Yocto Mt2713 Mt8168 Mt8173 Mt8175 Mt8188 Mt8195 Mt8365 Mt8370 Mt8390 Mt8395 Mt8673 Mt8696 Mt8781 Mt8795t Mt8798 Mt8871

Configuration 1 [-]

AND

OR	cpe:2.3:a:linuxfoundation:yocto:4.0:::::::*
	cpe:2.3:a:mediatek:iot_yocto:23.2:::::::*
	cpe:2.3:o:google:android:12.0:::::::*
	cpe:2.3:o:google:android:13.0:::::::*

OR	cpe:2.3:h:mediatek:mt2713:-:::::::*
	cpe:2.3:h:mediatek:mt8168:-:::::::*
	cpe:2.3:h:mediatek:mt8173:-:::::::*
	cpe:2.3:h:mediatek:mt8175:-:::::::*
	cpe:2.3:h:mediatek:mt8188:-:::::::*
	cpe:2.3:h:mediatek:mt8195:-:::::::*
	cpe:2.3:h:mediatek:mt8365:-:::::::*
	cpe:2.3:h:mediatek:mt8370:-:::::::*
	cpe:2.3:h:mediatek:mt8390:-:::::::*
	cpe:2.3:h:mediatek:mt8395:-:::::::*
	cpe:2.3:h:mediatek:mt8673:-:::::::*
	cpe:2.3:h:mediatek:mt8696:-:::::::*
	cpe:2.3:h:mediatek:mt8781:-:::::::*
	cpe:2.3:h:mediatek:mt8795t:-:::::::*
	cpe:2.3:h:mediatek:mt8798:-:::::::*
	cpe:2.3:h:mediatek:mt8871:-:::::::*

No data.

References

Link	Providers
https://corp.mediatek.com/product-security-bulletin/April-2024

History

Wed, 23 Apr 2025 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Google Google android Linuxfoundation Linuxfoundation yocto Mediatek Mediatek iot Yocto Mediatek mt2713 Mediatek mt8168 Mediatek mt8173 Mediatek mt8175 Mediatek mt8188 Mediatek mt8195 Mediatek mt8365 Mediatek mt8370 Mediatek mt8390 Mediatek mt8395 Mediatek mt8673 Mediatek mt8696 Mediatek mt8781 Mediatek mt8795t Mediatek mt8798 Mediatek mt8871
CPEs		cpe:2.3:a:linuxfoundation:yocto:4.0:::::::* cpe:2.3:a:mediatek:iot_yocto:23.2:::::::* cpe:2.3:h:mediatek:mt2713:-:::::::* cpe:2.3:h:mediatek:mt8168:-:::::::* cpe:2.3:h:mediatek:mt8173:-:::::::* cpe:2.3:h:mediatek:mt8175:-:::::::* cpe:2.3:h:mediatek:mt8188:-:::::::* cpe:2.3:h:mediatek:mt8195:-:::::::* cpe:2.3:h:mediatek:mt8365:-:::::::* cpe:2.3:h:mediatek:mt8370:-:::::::* cpe:2.3:h:mediatek:mt8390:-:::::::* cpe:2.3:h:mediatek:mt8395:-:::::::* cpe:2.3:h:mediatek:mt8673:-:::::::* cpe:2.3:h:mediatek:mt8696:-:::::::* cpe:2.3:h:mediatek:mt8781:-:::::::* cpe:2.3:h:mediatek:mt8795t:-:::::::* cpe:2.3:h:mediatek:mt8798:-:::::::* cpe:2.3:h:mediatek:mt8871:-:::::::* cpe:2.3:o:google:android:12.0:::::::* cpe:2.3:o:google:android:13.0:::::::*
Vendors & Products		Google Google android Linuxfoundation Linuxfoundation yocto Mediatek Mediatek iot Yocto Mediatek mt2713 Mediatek mt8168 Mediatek mt8173 Mediatek mt8175 Mediatek mt8188 Mediatek mt8195 Mediatek mt8365 Mediatek mt8370 Mediatek mt8390 Mediatek mt8395 Mediatek mt8673 Mediatek mt8696 Mediatek mt8781 Mediatek mt8795t Mediatek mt8798 Mediatek mt8871

Wed, 26 Mar 2025 20:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-125
Metrics		cvssV3_1 `{'score': 6.3, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: MediaTek

Published: 2024-04-01T02:35:21.521Z

Updated: 2025-03-26T20:06:37.541Z

Reserved: 2023-11-02T13:35:35.160Z

Link: CVE-2024-20055

Vulnrichment

Updated: 2024-08-01T21:52:31.585Z

NVD

Status : Analyzed

Published: 2024-04-01T03:15:08.640

Modified: 2025-04-23T13:46:52.570

Link: CVE-2024-20055

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object