CVE-2024-20131

MEDIUM EPSS 7.3%

Published Dec 2, 20241y ago · Modified Jun 17, 20261w ago

6.7 CVSS 3.1

Medium

Published Dec 2, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

In Modem, there is a possible escalation of privilege due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01395886; Issue ID: MSV-1873.

CVSS Details

Base Score

6.7

Exploitability

0.8

Impact

5.9

Vector string

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector Local

Attack Complexity Low

Privileges Required High

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

7.3% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-787 Out-of-bounds Write Memory Safety

Affected Products 33

Vendor	Product	Version	Range
mediatek	nr16	*	any
mediatek	nr17	*	any
mediatek	mt2737	*	any
mediatek	mt2739	*	any
mediatek	mt6789	*	any
mediatek	mt6813	*	any
mediatek	mt6815	*	any
mediatek	mt6835	*	any
mediatek	mt6835t	*	any
mediatek	mt6855	*	any
mediatek	mt6878	*	any
mediatek	mt6878t	*	any
mediatek	mt6879	*	any
mediatek	mt6886	*	any
mediatek	mt6895	*	any
mediatek	mt6895t	*	any
mediatek	mt6896	*	any
mediatek	mt6897	*	any
mediatek	mt6899	*	any
mediatek	mt6980	*	any
mediatek	mt6980d	*	any
mediatek	mt6983	*	any
mediatek	mt6985	*	any
mediatek	mt6986	*	any
mediatek	mt6986d	*	any
mediatek	mt6988	*	any
mediatek	mt6989	*	any
mediatek	mt6990	*	any
mediatek	mt6991	*	any
mediatek	mt8673	*	any
mediatek	mt8676	*	any
mediatek	mt8795t	*	any
mediatek	mt8798	*	any

References 1

corp.mediatek.com https://corp.mediatek.com/product-security-bulletin/December-2024

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.