CVSS: 6.7EPSS: 0%CPEs: 67EXPL: 0CVE-2024-20108
https://notcve.org/view.php?id=CVE-2024-20108
04 Nov 2024 — In atci, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09082988; Issue ID: MSV-1774. • https://corp.mediatek.com/product-security-bulletin/November-2024 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 19EXPL: 0CVE-2024-20098
https://notcve.org/view.php?id=CVE-2024-20098
07 Oct 2024 — In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996886; Issue ID: MSV-1626. • https://corp.mediatek.com/product-security-bulletin/October-2024 • CWE-787: Out-of-bounds Write •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20097
https://notcve.org/view.php?id=CVE-2024-20097
07 Oct 2024 — In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1630. • https://corp.mediatek.com/product-security-bulletin/October-2024 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2024-20094
https://notcve.org/view.php?id=CVE-2024-20094
07 Oct 2024 — In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00843282; Issue ID: MSV-1535. • https://corp.mediatek.com/product-security-bulletin/October-2024 • CWE-617: Reachable Assertion •
CVSS: 6.7EPSS: 0%CPEs: 11EXPL: 0CVE-2024-20075
https://notcve.org/view.php?id=CVE-2024-20075
03 Jun 2024 — In eemgpu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08713302; Issue ID: MSV-1393. En eemgpu, existe una posible escritura fuera de los límites debido a una verificación de los límites faltantes. • https://corp.mediatek.com/product-security-bulletin/June-2024 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2024-20069
https://notcve.org/view.php?id=CVE-2024-20069
03 Jun 2024 — In modem, there is a possible selection of less-secure algorithm during the VoWiFi IKE due to a missing DH downgrade check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01286330; Issue ID: MSV-1430. En el módem, existe una posible selección de algoritmos menos seguros durante el IKE de VoWiFi debido a que falta una verificación de degradación de DH. • https://corp.mediatek.com/product-security-bulletin/June-2024 • CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVSS: 6.7EPSS: 0%CPEs: 41EXPL: 0CVE-2024-20021
https://notcve.org/view.php?id=CVE-2024-20021
06 May 2024 — In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID: MSV-1249. En atf spm, existe una forma posible de reasignar la memoria física a la memoria virtual debido a un error lógico. • https://corp.mediatek.com/product-security-bulletin/May-2024 • CWE-269: Improper Privilege Management •
CVSS: 6.7EPSS: 0%CPEs: 31EXPL: 0CVE-2024-20037
https://notcve.org/view.php?id=CVE-2024-20037
04 Mar 2024 — In pq, there is a possible write-what-where condition due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495937; Issue ID: ALPS08495937. • https://corp.mediatek.com/product-security-bulletin/March-2024 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 8.2EPSS: 0%CPEs: 37EXPL: 0CVE-2024-20005
https://notcve.org/view.php?id=CVE-2024-20005
04 Mar 2024 — In da, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355599; Issue ID: ALPS08355599. • https://corp.mediatek.com/product-security-bulletin/March-2024 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 1%CPEs: 21EXPL: 0CVE-2024-20004
https://notcve.org/view.php?id=CVE-2024-20004
05 Feb 2024 — In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01195812 (MSV-985). En Modem NL1, existe una posible falla del sistema debido a una validación de entrada incorrecta. • https://corp.mediatek.com/product-security-bulletin/February-2024 • CWE-20: Improper Input Validation •