Multiple vulnerabilities in MediaTek chipsets

1) Out-of-bounds write

EUVDB-ID: #VU86129

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20006

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within da. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT2713: All versions

MT6781: All versions

MT6880: All versions

MT6890: All versions

MT8188T: All versions

External links

http://corp.mediatek.com/product-security-bulletin/February-2024

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds write

EUVDB-ID: #VU86130

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20007

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a race condition within mp3 decoder. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6580: All versions

MT6739: All versions

MT6761: All versions

MT6762: All versions

MT6765: All versions

MT6779: All versions

MT6785: All versions

MT6789: All versions

MT6833: All versions

MT6835: All versions

MT6853: All versions

MT6853T: All versions

MT6855: All versions

MT6873: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6886: All versions

MT6889: All versions

MT6895: All versions

MT6983: All versions

MT6985: All versions

MT8321: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8797: All versions

MT8798: All versions

External links

http://corp.mediatek.com/product-security-bulletin/February-2024

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Check or Handling of Exceptional Conditions

EUVDB-ID: #VU86131

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20009

CWE-ID: CWE-703 - Improper Check or Handling of Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to an incorrect error handling within alac decoder. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6580: All versions

MT6739: All versions

MT6761: All versions

MT6762: All versions

MT6765: All versions

MT6779: All versions

MT6785: All versions

MT6789: All versions

MT6833: All versions

MT6835: All versions

MT6853: All versions

MT6853T: All versions

MT6855: All versions

MT6873: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6886: All versions

MT6889: All versions

MT6895: All versions

MT6983: All versions

MT6985: All versions

MT8163: All versions

MT8167: All versions

MT8167S: All versions

MT8168: All versions

MT8173: All versions

MT8175: All versions

MT8176: All versions

MT8185: All versions

MT8188: All versions

MT8188T: All versions

External links

http://corp.mediatek.com/product-security-bulletin/February-2024

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Type confusion

EUVDB-ID: #VU86132

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20010

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to type confusion within keyInstall. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6580: All versions

MT6731: All versions

MT6735: All versions

MT6737: All versions

MT6739: All versions

MT6753: All versions

MT6757: All versions

MT6757C: All versions

MT6757CD: All versions

MT6757CH: All versions

MT6761: All versions

MT6762: All versions

MT6763: All versions

MT6765: All versions

MT6768: All versions

MT6769: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6789: All versions

MT6833: All versions

MT6835: All versions

MT6853: All versions

MT6853T: All versions

MT6855: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6886: All versions

MT6889: All versions

MT6891: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT6985: All versions

MT8185: All versions

MT8321: All versions

MT8385: All versions

MT8666: All versions

MT8667: All versions

MT8673: All versions

MT8675: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8781: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8791T: All versions

MT8797: All versions

MT8798: All versions

External links

http://corp.mediatek.com/product-security-bulletin/February-2024

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds write

EUVDB-ID: #VU86133

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20011

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to an incorrect bounds check within alac decoder. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6985: All versions

MT8127: All versions

MT8135: All versions

MT8167: All versions

MT8167S: All versions

MT8168: All versions

MT8173: All versions

MT8175: All versions

MT8176: All versions

MT8183: All versions

MT8185: All versions

MT8188: All versions

MT8188T: All versions

MT8195: All versions

MT8195Z: All versions

MT8312C: All versions

MT8312D: All versions

External links

http://corp.mediatek.com/product-security-bulletin/February-2024

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper input validation

EUVDB-ID: #VU86134

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20003

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to an improper input validation within Modem NL1. A local application can perform service disruption.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT2735: All versions

MT6297: All versions

MT6833: All versions

MT6853: All versions

MT6855: All versions

MT6873: All versions

MT6875: All versions

MT6875T: All versions

MT6877: All versions

MT6880: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6890: All versions

MT6891: All versions

MT6893: All versions

MT8675: All versions

MT8791: All versions

MT8791T: All versions

MT8797: All versions

External links

http://corp.mediatek.com/product-security-bulletin/February-2024

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Type confusion

EUVDB-ID: #VU86135

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20012

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to type confusion within keyInstall. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6580: All versions

MT6731: All versions

MT6735: All versions

MT6737: All versions

MT6739: All versions

MT6753: All versions

MT6757: All versions

MT6757C: All versions

MT6757CD: All versions

MT6757CH: All versions

MT6761: All versions

MT6762: All versions

MT6763: All versions

MT6765: All versions

MT6768: All versions

MT6769: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6789: All versions

MT6833: All versions

MT6835: All versions

MT6853: All versions

MT6853T: All versions

MT6855: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6886: All versions

MT6889: All versions

MT6891: All versions

MT6895: All versions

MT6983: All versions

MT6985: All versions

MT8321: All versions

MT8385: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8781: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791T: All versions

MT8797: All versions

MT8798: All versions

External links

http://corp.mediatek.com/product-security-bulletin/February-2024

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds write

EUVDB-ID: #VU86136

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20013

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within keyInstall. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6580: All versions

MT6731: All versions

MT6735: All versions

MT6737: All versions

MT6739: All versions

MT6753: All versions

MT6757: All versions

MT6757C: All versions

MT6757CD: All versions

MT6757CH: All versions

MT6761: All versions

MT6762: All versions

MT6763: All versions

MT6765: All versions

MT6768: All versions

MT6769: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6789: All versions

MT6833: All versions

MT6835: All versions

MT6853: All versions

MT6853T: All versions

MT6855: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6886: All versions

MT6889: All versions

MT6891: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT6985: All versions

MT8185: All versions

MT8321: All versions

MT8385: All versions

MT8666: All versions

MT8667: All versions

MT8673: All versions

MT8675: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8781: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791: All versions

MT8791T: All versions

MT8797: All versions

MT8798: All versions

External links

http://corp.mediatek.com/product-security-bulletin/February-2024

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Missing Authorization

EUVDB-ID: #VU86137

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20015

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a permissions bypass within telephony. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6739: All versions

MT6753: All versions

MT6757: All versions

MT6761: All versions

MT6762: All versions

MT6763: All versions

MT6765: All versions

MT6768: All versions

MT6769: All versions

MT6781: All versions

MT6833: All versions

MT6835: All versions

MT6853: All versions

MT6855: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6886: All versions

MT6889: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT6985: All versions

MT8321: All versions

MT8667: All versions

MT8673: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8781: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

MT8791T: All versions

MT8797: All versions

MT8798: All versions

External links

http://corp.mediatek.com/product-security-bulletin/February-2024

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds write

EUVDB-ID: #VU86138

Risk: Low

CVSSv3.1: 2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20016

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local privileged application to perform service disruption.

The vulnerability exists due to an integer overflow within ged. A local privileged application can perform service disruption.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT6735: All versions

MT6737: All versions

MT6739: All versions

MT6753: All versions

MT6757: All versions

MT6761: All versions

MT6763: All versions

MT6765: All versions

MT6768: All versions

MT6771: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6833: All versions

MT6853: All versions

MT6855: All versions

MT6873: All versions

MT6877: All versions

MT6879: All versions

MT6885: All versions

MT6889: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT8168: All versions

MT8183: All versions

MT8188: All versions

MT8195: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8791: All versions

MT8797: All versions

MT8798: All versions

External links

http://corp.mediatek.com/product-security-bulletin/February-2024

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Out-of-bounds write

EUVDB-ID: #VU86139

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20001

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within TVAPI. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT5583: All versions

MT5586: All versions

MT5691: All versions

MT5695: All versions

MT5696: All versions

MT9010: All versions

MT9011: All versions

MT9012: All versions

MT9015: All versions

MT9016: All versions

MT9020: All versions

MT9021: All versions

MT9022: All versions

MT9025: All versions

MT9026: All versions

MT9216: All versions

MT9218: All versions

MT9220: All versions

MT9221: All versions

MT9222: All versions

MT9255: All versions

MT9256: All versions

MT9266: All versions

MT9269: All versions

MT9286: All versions

MT9288: All versions

MT9602: All versions

MT9603: All versions

MT9610: All versions

MT9611: All versions

MT9612: All versions

MT9613: All versions

MT9615: All versions

MT9617: All versions

MT9618: All versions

MT9629: All versions

MT9630: All versions

MT9631: All versions

MT9632: All versions

MT9633: All versions

MT9636: All versions

MT9638: All versions

MT9639: All versions

MT9649: All versions

MT9650: All versions

MT9652: All versions

MT9653: All versions

MT9660: All versions

MT9666: All versions

MT9667: All versions

MT9669: All versions

MT9671: All versions

MT9675: All versions

MT9679: All versions

MT9685: All versions

MT9686: All versions

MT9688: All versions

MT9689: All versions

External links

http://corp.mediatek.com/product-security-bulletin/February-2024

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds write

EUVDB-ID: #VU86140

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20002

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within TVAPI. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT5583: All versions

MT5586: All versions

MT5691: All versions

MT5695: All versions

MT5696: All versions

MT9010: All versions

MT9011: All versions

MT9012: All versions

MT9015: All versions

MT9016: All versions

MT9020: All versions

MT9021: All versions

MT9022: All versions

MT9025: All versions

MT9026: All versions

MT9216: All versions

MT9218: All versions

MT9220: All versions

MT9221: All versions

MT9222: All versions

MT9255: All versions

MT9256: All versions

MT9266: All versions

MT9269: All versions

MT9286: All versions

MT9288: All versions

MT9602: All versions

MT9603: All versions

MT9610: All versions

MT9611: All versions

MT9612: All versions

MT9613: All versions

MT9615: All versions

MT9617: All versions

MT9618: All versions

MT9629: All versions

MT9630: All versions

MT9631: All versions

MT9632: All versions

MT9633: All versions

MT9636: All versions

MT9638: All versions

MT9639: All versions

MT9649: All versions

MT9650: All versions

MT9652: All versions

MT9653: All versions

MT9660: All versions

MT9666: All versions

MT9667: All versions

MT9669: All versions

MT9671: All versions

MT9675: All versions

MT9679: All versions

MT9685: All versions

MT9686: All versions

MT9688: All versions

MT9689: All versions

External links

http://corp.mediatek.com/product-security-bulletin/February-2024

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper input validation

EUVDB-ID: #VU86141

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20004

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to an improper input validation within Modem NL1. A local application can perform service disruption.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MT2735: All versions

MT6297: All versions

MT6833: All versions

MT6853: All versions

MT6855: All versions

MT6873: All versions

MT6875: All versions

MT6875T: All versions

MT6877: All versions

MT6880: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6890: All versions

MT6891: All versions

MT6893: All versions

MT8675: All versions

MT8791: All versions

MT8791T: All versions

MT8797: All versions

External links

http://corp.mediatek.com/product-security-bulletin/February-2024

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.