CVE-2024-20011: Buffer Overflow
First published: Mon Feb 05 2024(Updated: )
In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146.
Credit: security@mediatek.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android | ||
| All of | ||
| Any of | ||
| Google Android | =11.0 | |
| Google Android | =12.0 | |
| Google Android | =13.0 | |
| Any of | ||
| MediaTek MT6985T | ||
| MediaTek MT8127 | ||
| Mediatek MT8135 | ||
| Mediatek MT8167 | ||
| MediaTek MT8167S Firmware | ||
| MediaTek MT8168 | ||
| MediaTek MT8173 | ||
| MediaTek MT8175 Firmware | ||
| MediaTek MT8176 | ||
| MediaTek MT8183 | ||
| MediaTek MT8185 | ||
| MediaTek MT8188 | ||
| MediaTek MT8188T | ||
| MediaTek MT8195Z | ||
| MediaTek MT8195Z | ||
| MediaTek MT8312C | ||
| MediaTek MT8312D |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-20011?
CVE-2024-20011 has a high severity due to its potential to cause remote code execution.
How do I fix CVE-2024-20011?
To fix CVE-2024-20011, apply the security patch ALPS08441146 from the manufacturer.
Which versions of Android are affected by CVE-2024-20011?
CVE-2024-20011 affects Android versions 11.0, 12.0, and 13.0.
What are the risks associated with CVE-2024-20011?
The risks include potential remote code execution with no additional execution privileges required.
Is user interaction needed for CVE-2024-20011 exploitation?
No, user interaction is not needed for the exploitation of CVE-2024-20011.
- collector/mitre-cve
- source/MITRE
- agent/description
- agent/type
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/first-publish-date
- agent/event
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- vendor/google
- canonical/google android
- version/google android/11.0
- version/google android/12.0
- version/google android/13.0
- vendor/mediatek
- canonical/mediatek mt6985t
- canonical/mediatek mt8127
- canonical/mediatek mt8135
- canonical/mediatek mt8167
- canonical/mediatek mt8167s firmware
- canonical/mediatek mt8168
- canonical/mediatek mt8173
- canonical/mediatek mt8175 firmware
- canonical/mediatek mt8176
- canonical/mediatek mt8183
- canonical/mediatek mt8185
- canonical/mediatek mt8188
- canonical/mediatek mt8188t
- canonical/mediatek mt8195z
- canonical/mediatek mt8312c
- canonical/mediatek mt8312d