CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20640
https://notcve.org/view.php?id=CVE-2025-20640
03 Feb 2025 — In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2059. • https://corp.mediatek.com/product-security-bulletin/February-2025 • CWE-125: Out-of-bounds Read •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20639
https://notcve.org/view.php?id=CVE-2025-20639
03 Feb 2025 — In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2060. • https://corp.mediatek.com/product-security-bulletin/February-2025 • CWE-787: Out-of-bounds Write •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20638
https://notcve.org/view.php?id=CVE-2025-20638
03 Feb 2025 — In DA, there is a possible read of uninitialized heap data due to uninitialized data. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291449; Issue ID: MSV-2066. • https://corp.mediatek.com/product-security-bulletin/February-2025 • CWE-457: Use of Uninitialized Variable •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20142
https://notcve.org/view.php?id=CVE-2024-20142
03 Feb 2025 — In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291406; Issue ID: MSV-2070. • https://corp.mediatek.com/product-security-bulletin/February-2025 • CWE-787: Out-of-bounds Write •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20141
https://notcve.org/view.php?id=CVE-2024-20141
03 Feb 2025 — In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291402; Issue ID: MSV-2073. • https://corp.mediatek.com/product-security-bulletin/February-2025 • CWE-123: Write-what-where Condition •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20636
https://notcve.org/view.php?id=CVE-2025-20636
03 Feb 2025 — In secmem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09403554; Issue ID: MSV-2431. • https://corp.mediatek.com/product-security-bulletin/February-2025 • CWE-787: Out-of-bounds Write •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2025-20635
https://notcve.org/view.php?id=CVE-2025-20635
03 Feb 2025 — In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09403752; Issue ID: MSV-2434. • https://corp.mediatek.com/product-security-bulletin/February-2025 • CWE-787: Out-of-bounds Write •
CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 0CVE-2024-40677
https://notcve.org/view.php?id=CVE-2024-40677
28 Jan 2025 — In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/packages/apps/Settings/+/db26138f07db830e3fb78283d37de3c0296d93cb • CWE-862: Missing Authorization •
CVSS: 7.7EPSS: 0%CPEs: 5EXPL: 2CVE-2024-40676
https://notcve.org/view.php?id=CVE-2024-40676
28 Jan 2025 — In checkKeyIntent of AccountManagerService.java, there is a possible way to bypass intent security check and install an unknown app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://github.com/Aakashmom/frameworks_base_accounts_CVE-2024-40676 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2024-40675
https://notcve.org/view.php?id=CVE-2024-40675
28 Jan 2025 — In parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. • https://github.com/Aakashmom/intent_CVE-2024-40675 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •