CVE-2024-20152

MEDIUM EPSS 0.6%

Published Jan 6, 20251y ago · Modified Jun 17, 20261w ago

4.4 CVSS 3.1

Medium

Published Jan 6, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

In wlan STA driver, there is a possible reachable assertion due to improper exception handling. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00389047 / ALPS09136505; Issue ID: MSV-1798.

CVSS Details

Base Score

4.4

Exploitability

0.8

Impact

3.6

Vector string

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Attack Vector Local

Attack Complexity Low

Privileges Required High

User Interaction None

Scope Unchanged

Confidentiality None

Integrity None

Availability High

Threat Intelligence

EPSS Exploit Probability

0.6% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-617

Affected Products 28

Vendor	Product	Version	Range
linuxfoundation	yocto	3.3	any
linuxfoundation	yocto	4.0	any
linuxfoundation	yocto	5.0	any
mediatek	software_development_kit	*	≤2.4
google	android	13.0	any
google	android	14.0	any
google	android	15.0	any
openwrt	openwrt	23.05	any
mediatek	mt2737	*	any
mediatek	mt3603	*	any
mediatek	mt6835	*	any
mediatek	mt6878	*	any
mediatek	mt6886	*	any
mediatek	mt6897	*	any
mediatek	mt6990	*	any
mediatek	mt7902	*	any
mediatek	mt7920	*	any
mediatek	mt7922	*	any
mediatek	mt8518s	*	any
mediatek	mt8532	*	any
mediatek	mt8755	*	any
mediatek	mt8766	*	any
mediatek	mt8768	*	any
mediatek	mt8775	*	any
mediatek	mt8781	*	any
mediatek	mt8796	*	any
mediatek	mt8798	*	any
mediatek	mt8893	*	any

References 1

corp.mediatek.com https://corp.mediatek.com/product-security-bulletin/January-2025

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.