What is the severity of CVE-2024-20021?

CVE-2024-20021 has a medium severity rating and can potentially lead to local escalation of privilege.

How do I fix CVE-2024-20021?

To fix CVE-2024-20021, apply the patch identified as ALPS08584568.

Is user interaction required to exploit CVE-2024-20021?

No, user interaction is not required for exploiting CVE-2024-20021.

Which versions of Android are affected by CVE-2024-20021?

CVE-2024-20021 affects Android versions 12.0, 13.0, and 14.0.

What could be the potential impact of CVE-2024-20021?

The potential impact of CVE-2024-20021 includes unauthorized local escalation of privileges leading to system-level access.

Vulnerability/
CVE-2024-20021

medium

6.7

CWE

269

6/5/2024

30/4/2025

CVE-2024-20021

First published: Mon May 06 2024(Updated: )

In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID: MSV-1249.

Credit: security@mediatek.com

Affected Software	Affected Version	How to fix
All of
Any of
Android	=12.0
Android	=13.0
Android	=14.0
Any of
MediaTek MT6768
MediaTek MT6781
MediaTek MT6785T
MediaTek MT6833
MediaTek MT6853
MediaTek MT6873
MediaTek MT6877
MediaTek MT6885
MediaTek MT6893
MediaTek MT8168
MediaTek MT8183
MediaTek MT8188
MediaTek MT8188T
MediaTek MT8195Z
MediaTek MT8195Z
MediaTek MT8321
MediaTek MT8362A Firmware
MediaTek MT8365 Firmware
MediaTek MT8385 Firmware
MediaTek MT8666
MediaTek MT8666
Mediatek MT8666B
MediaTek MT8667
MediaTek MT8673
MediaTek MT8675
MediaTek MT8676
MediaTek MT8678
MediaTek MT8765
MediaTek MT8766Z
MediaTek MT8766Z
MediaTek MT8768
Mediatek MT8768A
MediaTek MT8768B
MediaTek MT8768T
MediaTek MT8768Z
MediaTek MT8781 WiFi
MediaTek MT8786
MediaTek MT8788 Firmware
MediaTek MT8788T
MediaTek MT8788X
MediaTek MT8788Z
MediaTek MT8792
MediaTek MT8795T
MediaTek MT8796
MediaTek MT8798

Never miss a vulnerability like this again

Reference Links

https://corp.mediatek.com/product-security-bulletin/May-2024

Frequently Asked Questions

What is the severity of CVE-2024-20021?
CVE-2024-20021 has a medium severity rating and can potentially lead to local escalation of privilege.
How do I fix CVE-2024-20021?
To fix CVE-2024-20021, apply the patch identified as ALPS08584568.
Is user interaction required to exploit CVE-2024-20021?
No, user interaction is not required for exploiting CVE-2024-20021.
Which versions of Android are affected by CVE-2024-20021?
CVE-2024-20021 affects Android versions 12.0, 13.0, and 14.0.
What could be the potential impact of CVE-2024-20021?
The potential impact of CVE-2024-20021 includes unauthorized local escalation of privileges leading to system-level access.

Frequently Asked Questions

What is the severity of CVE-2024-20021?
CVE-2024-20021 has a medium severity rating and can potentially lead to local escalation of privilege.
How do I fix CVE-2024-20021?
To fix CVE-2024-20021, apply the patch identified as ALPS08584568.
Is user interaction required to exploit CVE-2024-20021?
No, user interaction is not required for exploiting CVE-2024-20021.
Which versions of Android are affected by CVE-2024-20021?
CVE-2024-20021 affects Android versions 12.0, 13.0, and 14.0.
What could be the potential impact of CVE-2024-20021?
The potential impact of CVE-2024-20021 includes unauthorized local escalation of privileges leading to system-level access.

CVE-2024-20021

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-20021?

How do I fix CVE-2024-20021?

Is user interaction required to exploit CVE-2024-20021?

Which versions of Android are affected by CVE-2024-20021?

What could be the potential impact of CVE-2024-20021?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2024-20021?

How do I fix CVE-2024-20021?

Is user interaction required to exploit CVE-2024-20021?

Which versions of Android are affected by CVE-2024-20021?

What could be the potential impact of CVE-2024-20021?