CVE-2024-20009

In alac decoder, there is a possible out of bounds write due to an incorrect error handling. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441150; Issue ID: ALPS08441150.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
OR cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8163:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8176:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*

History

09 Feb 2024, 02:05

Type Values Removed Values Added
CPE cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8176:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8163:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*
References () https://corp.mediatek.com/product-security-bulletin/February-2024 - () https://corp.mediatek.com/product-security-bulletin/February-2024 - Vendor Advisory
CWE CWE-787
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
First Time Mediatek mt8167
Mediatek mt6739
Mediatek mt8175
Mediatek mt6789
Mediatek mt6765
Mediatek mt8173
Mediatek mt6983
Mediatek mt6885
Mediatek mt6895
Mediatek
Mediatek mt6886
Mediatek mt8168
Mediatek mt6883
Mediatek mt6779
Mediatek mt8188t
Mediatek mt6762
Mediatek mt6835
Mediatek mt8176
Mediatek mt8167s
Mediatek mt8185
Mediatek mt6580
Mediatek mt6873
Google android
Mediatek mt6853t
Mediatek mt6833
Google
Mediatek mt8188
Mediatek mt6889
Mediatek mt6879
Mediatek mt8163
Mediatek mt6853
Mediatek mt6785
Mediatek mt6877
Mediatek mt6761
Mediatek mt6985
Mediatek mt6855

05 Feb 2024, 13:54

Type Values Removed Values Added
Summary
  • (es) En el decodificador alac, existe una posible escritura fuera de los límites debido a un manejo incorrecto de errores. Esto podría conducir a una escalada remota de privilegios sin necesidad de permisos de ejecución adicionales. Se necesita la interacción del usuario para la explotación. ID de parche: ALPS08441150; ID del problema: ALPS08441150.

05 Feb 2024, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-05 06:15

Updated : 2024-02-09 02:05


NVD link : CVE-2024-20009

Mitre link : CVE-2024-20009

CVE.ORG link : CVE-2024-20009


JSON object : View

Products Affected

mediatek

  • mt8175
  • mt6883
  • mt6886
  • mt8168
  • mt6885
  • mt6580
  • mt6765
  • mt6835
  • mt8188
  • mt8176
  • mt6877
  • mt8163
  • mt8188t
  • mt6853
  • mt6785
  • mt6833
  • mt6762
  • mt6789
  • mt6739
  • mt6855
  • mt8167
  • mt6983
  • mt6761
  • mt6985
  • mt8167s
  • mt6889
  • mt6779
  • mt6879
  • mt6853t
  • mt8173
  • mt8185
  • mt6873
  • mt6895

google

  • android
CWE
CWE-787

Out-of-bounds Write