CVE-2024-20125

Published Dec 2, 2024

Last updated 3 months ago

CVSS medium 6.7

Overview

Description
In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained System privileges. User interaction is not needed for exploitation. Patch ID: ALPS09046782; Issue ID: MSV-1728.
Source
security@mediatek.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.7
Impact score
5.9
Exploitability score
0.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity
MEDIUM

Weaknesses

security@mediatek.com
CWE-787

Social media

Hype score
Not currently trending

  1. 【リンク集:11月29日~12月2日のセキュリティ関連ニュース/記事】 <脆弱性> ・MediaTek、スマートフォン用チップセットの深刻度高い脆弱性にパッチ(CVE-2024-20125) https://t.co/tr8hfGyxtF ・ProjectSendに重大な脆弱性、アクターらが悪用:CVE-2024-11680 https://t.co/wRvXHBgq1Z… https://t.co/PdSy2a1iPm

    @MachinaRecord

    2 Dec 2024

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. MediaTek December 2024 Product Security Bulletin https://t.co/9JyWmplJpa CVE-2024-20125: OOB write in vdec -> LPE (0-click😅)

    @xvonfers

    2 Dec 2024

    3604 Impressions

    10 Retweets

    59 Likes

    14 Bookmarks

    2 Replies

    0 Quotes

  3. CVE-2024-20125 In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not need... https://t.co/ayfr4sPgCd

    @VulmonFeeds

    2 Dec 2024

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. MediaTek Patches High-Severity Vulnerability in Smartphone Chipsets (CVE-2024-20125) Discover the latest Product Security Bulletin from #MediaTek addressing CVE-2024-20125, a vulnerability that allows unauthorized access to user devices. https://t.co/naOxUSnTO3

    @the_yellow_fall

    2 Dec 2024

    224 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2024-20125 In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges need… https://t.co/lugdsP6fN6

    @CVEnew

    2 Dec 2024

    580 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References