CVE-2024-20054

EUVD-2024-17769
In gnss, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580200; Issue ID: ALPS08580200.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.6 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
Affected Products (NVD)
VendorProductVersion
linuxfoundationyocto
2.6
linuxfoundationyocto
3.3
googleandroid
13.0
googleandroid
14.0
openwrtopenwrt
19.07.0
openwrtopenwrt
21.02.0
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
mediatekmt6761
android_13.0 ≤
𝑥
≤ android_14.0
ADP
mediatekmt6765
android_13.0 ≤
𝑥
≤ android_14.0
ADP
mediatekmt6768
android_13.0 ≤
𝑥
≤ android_14.0
ADP
mediatekmt6789
android_13.0 ≤
𝑥
≤ android_14.0
ADP
mediatekmt6833
android_13.0 ≤
𝑥
≤ android_14.0
ADP
mediatekmt6855
android_13.0 ≤
𝑥
≤ android_14.0
ADP
mediatekmt6895
android_13.0 ≤
𝑥
≤ android_14.0
ADP
mediatekmt8167
android_13.0 ≤
𝑥
≤ android_14.0
ADP
mediatekmt8168
android_13.0 ≤
𝑥
≤ android_14.0
ADP
mediatekmt8188
android_13.0 ≤
𝑥
≤ android_14.0
ADP
mediatekmt8321
android_13.0 ≤
𝑥
≤ android_14.0
ADP
mediatekmt8765
android_13.0 ≤
𝑥
≤ android_14.0
ADP
mediatekmt8766
android_13.0 ≤
𝑥
≤ android_14.0
ADP
mediatekmt8768
android_13.0 ≤
𝑥
≤ android_14.0
ADP
mediatekmt8781
android_13.0 ≤
𝑥
≤ android_14.0
ADP
mediatekmt8786
android_13.0 ≤
𝑥
≤ android_14.0
ADP
mediatekmt8788
android_13.0 ≤
𝑥
≤ android_14.0
ADP
mediatekmt8789
android_13.0 ≤
𝑥
≤ android_14.0
ADP
mediatekmt8791t
android_13.0 ≤
𝑥
≤ android_14.0
ADP
mediatekmt8797
android_13.0 ≤
𝑥
≤ android_14.0
ADP
mediatekmt8798
android_13.0 ≤
𝑥
≤ android_14.0
ADP
Common Weakness Enumeration
References
https://corp.mediatek.com/product-security-bulletin/April-2024
https://corp.mediatek.com/product-security-bulletin/April-2024