CVE-2024-20139

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-20139

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

I

n Bluetooth firmware, there is a possible firmware asssert due to improper handling of exceptional conditions. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001270; Issue ID: MSV-1600.

References
Link Resource
https://corp.mediatek.com/product-security-bulletin/December-2024 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:yocto:5.0:*:*:*:*:*:*:*
cpe:2.3:a:mediatek:software_development_kit:*:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:23.05.0:-:*:*:*:*:*:*
OR cpe:2.3:h:mediatek:mt2737:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt3605:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7925:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7927:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8518s:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*
History

12 Jan 2026, 16:29

Type Values Removed Values Added
First Time Mediatek mt7925
Mediatek mt6990
Mediatek mt8518s
Google android
Openwrt openwrt
Mediatek mt6989
Mediatek mt8532
Mediatek mt2737
Linuxfoundation yocto
Mediatek
Linuxfoundation
Mediatek mt7927
Mediatek mt3605
Mediatek software Development Kit
Google
Mediatek mt8678
Openwrt
Mediatek mt6985
CPE cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt3605:-:*:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:23.05.0:-:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7925:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7927:-:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:yocto:5.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8518s:-:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt2737:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:a:mediatek:software_development_kit:*:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
References () https://corp.mediatek.com/product-security-bulletin/December-2024 - () https://corp.mediatek.com/product-security-bulletin/December-2024 - Vendor Advisory

02 Dec 2024, 16:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5
Summary
  • (es) En el firmware de Bluetooth, existe una posible confirmación de firmware debido al manejo inadecuado de condiciones excepcionales. Esto podría provocar una denegación de servicio local sin necesidad de privilegios de ejecución adicionales. No se necesita interacción del usuario para la explotación. ID de parche: ALPS09001270; ID de problema: MSV-1600.

02 Dec 2024, 04:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-12-02 04:15

Updated : 2026-01-12 16:29

NVD link : CVE-2024-20139

Mitre link : CVE-2024-20139

CVE.ORG link : CVE-2024-20139

JSON object : View

Products Affected

mediatek

openwrt

google

linuxfoundation

CWE
CWE-617

Reachable Assertion