CVE-2024-20152

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

n wlan STA driver, there is a possible reachable assertion due to improper exception handling. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00389047 / ALPS09136505; Issue ID: MSV-1798.

References

Link	Resource
https://corp.mediatek.com/product-security-bulletin/January-2025	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:linuxfoundation:yocto:3.3:::::::*
	cpe:2.3:a:linuxfoundation:yocto:4.0:::::::*
	cpe:2.3:a:linuxfoundation:yocto:5.0:::::::*
	cpe:2.3:a:mediatek:software_development_kit::::::::
	cpe:2.3:o:google:android:13.0:::::::*
	cpe:2.3:o:google:android:14.0:::::::*
	cpe:2.3:o:google:android:15.0:::::::*
	cpe:2.3:o:openwrt:openwrt:23.05:::::::*

OR	cpe:2.3:h:mediatek:mt2737:-:::::::*
	cpe:2.3:h:mediatek:mt3603:-:::::::*
	cpe:2.3:h:mediatek:mt6835:-:::::::*
	cpe:2.3:h:mediatek:mt6878:-:::::::*
	cpe:2.3:h:mediatek:mt6886:-:::::::*
	cpe:2.3:h:mediatek:mt6897:-:::::::*
	cpe:2.3:h:mediatek:mt6990:-:::::::*
	cpe:2.3:h:mediatek:mt7902:-:::::::*
	cpe:2.3:h:mediatek:mt7920:-:::::::*
	cpe:2.3:h:mediatek:mt7922:-:::::::*
	cpe:2.3:h:mediatek:mt8518s:-:::::::*
	cpe:2.3:h:mediatek:mt8532:-:::::::*
	cpe:2.3:h:mediatek:mt8755:-:::::::*
	cpe:2.3:h:mediatek:mt8766:-:::::::*
	cpe:2.3:h:mediatek:mt8768:-:::::::*
	cpe:2.3:h:mediatek:mt8775:-:::::::*
	cpe:2.3:h:mediatek:mt8781:-:::::::*
	cpe:2.3:h:mediatek:mt8796:-:::::::*
	cpe:2.3:h:mediatek:mt8798:-:::::::*
	cpe:2.3:h:mediatek:mt8893:-:::::::*

History

21 Apr 2025, 17:12

Type	Values Removed	Values Added
First Time		Mediatek mt8796 Mediatek mt8781 Mediatek mt6835 Mediatek mt3603 Mediatek software Development Kit Openwrt Mediatek mt7922 Mediatek mt6990 Mediatek mt8518s Mediatek mt8768 Mediatek mt6886 Openwrt openwrt Mediatek mt8775 Mediatek mt8755 Mediatek mt6878 Mediatek mt6897 Mediatek mt8532 Google android Mediatek mt7920 Mediatek mt2737 Linuxfoundation yocto Google Mediatek mt8893 Mediatek mt8798 Mediatek mt8766 Mediatek mt7902 Mediatek Linuxfoundation
Summary		(es) En wlan STA driver, existe una posible aserción alcanzable debido a una gestión inadecuada de excepciones. Esto podría provocar una denegación de servicio local si un actor malintencionado ya obtuvo el privilegio de System. No se necesita la interacción del usuario para la explotación. ID de parche: WCNCR00389047 / ALPS09136505; ID de problema: MSV-1798.
References	~~() https://corp.mediatek.com/product-security-bulletin/January-2025 -~~	() https://corp.mediatek.com/product-security-bulletin/January-2025 - Vendor Advisory
CPE		cpe:2.3:h:mediatek:mt7902:-:::::::* cpe:2.3:h:mediatek:mt8775:-:::::::* cpe:2.3:h:mediatek:mt6886:-:::::::* cpe:2.3:h:mediatek:mt6897:-:::::::* cpe:2.3:a:linuxfoundation:yocto:5.0:::::::* cpe:2.3:h:mediatek:mt7922:-:::::::* cpe:2.3:h:mediatek:mt8532:-:::::::* cpe:2.3:h:mediatek:mt8893:-:::::::* cpe:2.3:h:mediatek:mt6878:-:::::::* cpe:2.3:h:mediatek:mt8766:-:::::::* cpe:2.3:h:mediatek:mt7920:-:::::::* cpe:2.3:h:mediatek:mt8755:-:::::::* cpe:2.3:h:mediatek:mt3603:-:::::::* cpe:2.3:h:mediatek:mt8798:-:::::::* cpe:2.3:h:mediatek:mt2737:-:::::::* cpe:2.3:a:mediatek:software_development_kit:::::::: cpe:2.3:o:google:android:14.0:::::::* cpe:2.3:a:linuxfoundation:yocto:4.0:::::::* cpe:2.3:h:mediatek:mt8518s:-:::::::* cpe:2.3:h:mediatek:mt8796:-:::::::* cpe:2.3:o:google:android:13.0:::::::* cpe:2.3:h:mediatek:mt6835:-:::::::* cpe:2.3:h:mediatek:mt8781:-:::::::* cpe:2.3:o:openwrt:openwrt:23.05:::::::* cpe:2.3:h:mediatek:mt8768:-:::::::* cpe:2.3:h:mediatek:mt6990:-:::::::* cpe:2.3:a:linuxfoundation:yocto:3.3:::::::* cpe:2.3:o:google:android:15.0:::::::*