CVE-2024-20146

In wlan STA driver, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389496 / ALPS09137491; Issue ID: MSV-1835.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
MediaTekCNA
---
---
CISA-ADPADP
8.1 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
VendorProductVersion
linuxfoundationyocto
3.3
linuxfoundationyocto
4.0
linuxfoundationyocto
5.0
mediateksoftware_development_kit
𝑥
≤ 2.5
googleandroid
13.0
googleandroid
14.0
googleandroid
15.0
openwrtopenwrt
23.05
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://corp.mediatek.com/product-security-bulletin/January-2025