CVE-2024-20151 - Vulnerability Details

In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: MOLY01399339; Issue ID: MSV-1928.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Mediatek	Mt2737 Mt2739 Mt6789 Mt6813 Mt6815 Mt6835 Mt6835t Mt6855 Mt6878 Mt6878t Mt6879 Mt6886 Mt6895 Mt6895t Mt6896 Mt6897 Mt6899 Mt6980 Mt6980d Mt6983 Mt6985 Mt6986 Mt6986d Mt6988 Mt6989 Mt6990 Mt6991 Mt8676 Mt8678 Mt8798 Mt8863 Nr16 Nr17

Configuration 1 [-]

AND

OR	cpe:2.3:o:mediatek:nr16:-:::::::*
	cpe:2.3:o:mediatek:nr17:-:::::::*

OR	cpe:2.3:h:mediatek:mt2737:-:::::::*
	cpe:2.3:h:mediatek:mt2739:-:::::::*
	cpe:2.3:h:mediatek:mt6789:-:::::::*
	cpe:2.3:h:mediatek:mt6813:-:::::::*
	cpe:2.3:h:mediatek:mt6815:-:::::::*
	cpe:2.3:h:mediatek:mt6835:-:::::::*
	cpe:2.3:h:mediatek:mt6835t:-:::::::*
	cpe:2.3:h:mediatek:mt6855:-:::::::*
	cpe:2.3:h:mediatek:mt6878:-:::::::*
	cpe:2.3:h:mediatek:mt6878t:-:::::::*
	cpe:2.3:h:mediatek:mt6879:-:::::::*
	cpe:2.3:h:mediatek:mt6886:-:::::::*
	cpe:2.3:h:mediatek:mt6895:-:::::::*
	cpe:2.3:h:mediatek:mt6895t:-:::::::*
	cpe:2.3:h:mediatek:mt6896:-:::::::*
	cpe:2.3:h:mediatek:mt6897:-:::::::*
	cpe:2.3:h:mediatek:mt6899:-:::::::*
	cpe:2.3:h:mediatek:mt6980:-:::::::*
	cpe:2.3:h:mediatek:mt6980d:-:::::::*
	cpe:2.3:h:mediatek:mt6983:-:::::::*
	cpe:2.3:h:mediatek:mt6985:-:::::::*
	cpe:2.3:h:mediatek:mt6986:-:::::::*
	cpe:2.3:h:mediatek:mt6986d:-:::::::*
	cpe:2.3:h:mediatek:mt6988:-:::::::*
	cpe:2.3:h:mediatek:mt6989:-:::::::*
	cpe:2.3:h:mediatek:mt6990:-:::::::*
	cpe:2.3:h:mediatek:mt6991:-:::::::*
	cpe:2.3:h:mediatek:mt8676:-:::::::*
	cpe:2.3:h:mediatek:mt8678:-:::::::*
	cpe:2.3:h:mediatek:mt8798:-:::::::*
	cpe:2.3:h:mediatek:mt8863:-:::::::*

No data.

References

Link	Providers
https://corp.mediatek.com/product-security-bulletin/January-2025

History

Mon, 21 Apr 2025 17:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mediatek Mediatek mt2737 Mediatek mt2739 Mediatek mt6789 Mediatek mt6813 Mediatek mt6815 Mediatek mt6835 Mediatek mt6835t Mediatek mt6855 Mediatek mt6878 Mediatek mt6878t Mediatek mt6879 Mediatek mt6886 Mediatek mt6895 Mediatek mt6895t Mediatek mt6896 Mediatek mt6897 Mediatek mt6899 Mediatek mt6980 Mediatek mt6980d Mediatek mt6983 Mediatek mt6985 Mediatek mt6986 Mediatek mt6986d Mediatek mt6988 Mediatek mt6989 Mediatek mt6990 Mediatek mt6991 Mediatek mt8676 Mediatek mt8678 Mediatek mt8798 Mediatek mt8863 Mediatek nr16 Mediatek nr17
CPEs		cpe:2.3:h:mediatek:mt2737:-:::::::* cpe:2.3:h:mediatek:mt2739:-:::::::* cpe:2.3:h:mediatek:mt6789:-:::::::* cpe:2.3:h:mediatek:mt6813:-:::::::* cpe:2.3:h:mediatek:mt6815:-:::::::* cpe:2.3:h:mediatek:mt6835:-:::::::* cpe:2.3:h:mediatek:mt6835t:-:::::::* cpe:2.3:h:mediatek:mt6855:-:::::::* cpe:2.3:h:mediatek:mt6878:-:::::::* cpe:2.3:h:mediatek:mt6878t:-:::::::* cpe:2.3:h:mediatek:mt6879:-:::::::* cpe:2.3:h:mediatek:mt6886:-:::::::* cpe:2.3:h:mediatek:mt6895:-:::::::* cpe:2.3:h:mediatek:mt6895t:-:::::::* cpe:2.3:h:mediatek:mt6896:-:::::::* cpe:2.3:h:mediatek:mt6897:-:::::::* cpe:2.3:h:mediatek:mt6899:-:::::::* cpe:2.3:h:mediatek:mt6980:-:::::::* cpe:2.3:h:mediatek:mt6980d:-:::::::* cpe:2.3:h:mediatek:mt6983:-:::::::* cpe:2.3:h:mediatek:mt6985:-:::::::* cpe:2.3:h:mediatek:mt6986:-:::::::* cpe:2.3:h:mediatek:mt6986d:-:::::::* cpe:2.3:h:mediatek:mt6988:-:::::::* cpe:2.3:h:mediatek:mt6989:-:::::::* cpe:2.3:h:mediatek:mt6990:-:::::::* cpe:2.3:h:mediatek:mt6991:-:::::::* cpe:2.3:h:mediatek:mt8676:-:::::::* cpe:2.3:h:mediatek:mt8678:-:::::::* cpe:2.3:h:mediatek:mt8798:-:::::::* cpe:2.3:h:mediatek:mt8863:-:::::::* cpe:2.3:o:mediatek:nr16:-:::::::* cpe:2.3:o:mediatek:nr17:-:::::::*
Vendors & Products		Mediatek Mediatek mt2737 Mediatek mt2739 Mediatek mt6789 Mediatek mt6813 Mediatek mt6815 Mediatek mt6835 Mediatek mt6835t Mediatek mt6855 Mediatek mt6878 Mediatek mt6878t Mediatek mt6879 Mediatek mt6886 Mediatek mt6895 Mediatek mt6895t Mediatek mt6896 Mediatek mt6897 Mediatek mt6899 Mediatek mt6980 Mediatek mt6980d Mediatek mt6983 Mediatek mt6985 Mediatek mt6986 Mediatek mt6986d Mediatek mt6988 Mediatek mt6989 Mediatek mt6990 Mediatek mt6991 Mediatek mt8676 Mediatek mt8678 Mediatek mt8798 Mediatek mt8863 Mediatek nr16 Mediatek nr17

Mon, 06 Jan 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 06 Jan 2025 03:30:00 +0000

Type	Values Removed	Values Added
Description		In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: MOLY01399339; Issue ID: MSV-1928.
Weaknesses		CWE-787
References		https://corp.mediatek.com/product-security-bulletin/January-2025

MITRE

Status: PUBLISHED

Assigner: MediaTek

Published: 2025-01-06T03:17:58.239Z

Updated: 2025-01-06T14:13:12.730Z

Reserved: 2023-11-02T13:35:35.188Z

Link: CVE-2024-20151

Vulnrichment

Updated: 2025-01-06T14:13:04.127Z

NVD

Status : Analyzed

Published: 2025-01-06T04:15:07.413

Modified: 2025-04-21T17:13:45.390

Link: CVE-2024-20151

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object