CVE-2024-20040: Input Validation
First published: Mon Apr 01 2024(Updated: )
In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08360153 (for MT6XXX chipsets) / WCNCR00363530 (for MT79XX chipsets); Issue ID: MSV-979.
Credit: security@mediatek.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | ||
| All of | ||
| Any of | ||
| Yocto Project | =3.3 | |
| Yocto Project | =4.0 | |
| RDK Central RDKB | =2022q3 | |
| Android | =12.0 | |
| Android | =13.0 | |
| Android | =14.0 | |
| Linux Kernel | =4.19 | |
| Open edX | =19.07.0 | |
| Open edX | =21.02.0 | |
| Any of | ||
| MediaTek MT2713 | ||
| Mediatek MT6580 | ||
| MediaTek MT6761 | ||
| MediaTek MT6762M | ||
| MediaTek MT6768 | ||
| MediaTek MT6781 | ||
| MediaTek M6789 | ||
| MediaTek MT6833 | ||
| MediaTek MT6853 | ||
| MediaTek MT6853T | ||
| MediaTek MT6855 | ||
| MediaTek MT6873 | ||
| MediaTek MT6875T | ||
| MediaTek MT6877 | ||
| MediaTek MT6879 | ||
| MediaTek MT6883 | ||
| MediaTek MT6885 | ||
| MediaTek MT6886 | ||
| MediaTek MT6889 | ||
| MediaTek MT6890 | ||
| MediaTek MT6891 | ||
| MediaTek MT6893 | ||
| MediaTek MT6895 | ||
| MediaTek MT6983 | ||
| MediaTek MT6985T | ||
| MediaTek MT6989 | ||
| MediaTek MT6990 | ||
| MediaTek MT7902 | ||
| mediatek mt7915 firmware | ||
| MediaTek MT7916 Firmware | ||
| MediaTek MT7920 | ||
| MediaTek MT7921 | ||
| MediaTek MT7922 | ||
| Mediatek Mt7925 | ||
| MediaTek MT7927 | ||
| MediaTek MT7981 Firmware | ||
| MediaTek MT7986 | ||
| MediaTek MT8188 | ||
| MediaTek MT8195Z | ||
| MediaTek MT8370 | ||
| MediaTek MT8390 | ||
| MediaTek MT8395 | ||
| MediaTek MT8518S Firmware | ||
| MediaTek MT8532 | ||
| MediaTek MT8673 | ||
| MediaTek MT8678 | ||
| MediaTek MT8781 WiFi | ||
| MediaTek MT8791T | ||
| MediaTek MT8792 | ||
| MediaTek MT8796 | ||
| MediaTek MT8797 WiFi | ||
| MediaTek MT8798 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-20040?
CVE-2024-20040 has a high severity due to its potential for remote privilege escalation.
How do I fix CVE-2024-20040?
To fix CVE-2024-20040, apply the available patches such as Patch ID: ALPS08360153 for MT6XXX chipsets.
What types of devices are affected by CVE-2024-20040?
CVE-2024-20040 affects devices running Google Android that utilize specific wlan firmware.
Can CVE-2024-20040 be exploited without user interaction?
Yes, CVE-2024-20040 can be exploited remotely without any user interaction required.
What consequences could arise from CVE-2024-20040?
The consequence of CVE-2024-20040 could lead to unauthorized escalation of privileges on affected devices.
- agent/type
- agent/description
- agent/author
- agent/references
- agent/first-publish-date
- agent/source
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-api
- source/NVD
- vendor/google
- canonical/android
- vendor/linuxfoundation
- canonical/yocto project
- version/yocto project/3.3
- version/yocto project/4.0
- vendor/rdkcentral
- canonical/rdk central rdkb
- version/rdk central rdkb/2022q3
- version/android/12.0
- version/android/13.0
- version/android/14.0
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.19
- vendor/openwrt
- canonical/open edx
- version/open edx/19.07.0
- version/open edx/21.02.0
- vendor/mediatek
- canonical/mediatek mt2713
- canonical/mediatek mt6580
- canonical/mediatek mt6761
- canonical/mediatek mt6762m
- canonical/mediatek mt6768
- canonical/mediatek mt6781
- canonical/mediatek m6789
- canonical/mediatek mt6833
- canonical/mediatek mt6853
- canonical/mediatek mt6853t
- canonical/mediatek mt6855
- canonical/mediatek mt6873
- canonical/mediatek mt6875t
- canonical/mediatek mt6877
- canonical/mediatek mt6879
- canonical/mediatek mt6883
- canonical/mediatek mt6885
- canonical/mediatek mt6886
- canonical/mediatek mt6889
- canonical/mediatek mt6890
- canonical/mediatek mt6891
- canonical/mediatek mt6893
- canonical/mediatek mt6895
- canonical/mediatek mt6983
- canonical/mediatek mt6985t
- canonical/mediatek mt6989
- canonical/mediatek mt6990
- canonical/mediatek mt7902
- canonical/mediatek mt7915 firmware
- canonical/mediatek mt7916 firmware
- canonical/mediatek mt7920
- canonical/mediatek mt7921
- canonical/mediatek mt7922
- canonical/mediatek mt7925
- canonical/mediatek mt7927
- canonical/mediatek mt7981 firmware
- canonical/mediatek mt7986
- canonical/mediatek mt8188
- canonical/mediatek mt8195z
- canonical/mediatek mt8370
- canonical/mediatek mt8390
- canonical/mediatek mt8395
- canonical/mediatek mt8518s firmware
- canonical/mediatek mt8532
- canonical/mediatek mt8673
- canonical/mediatek mt8678
- canonical/mediatek mt8781 wifi
- canonical/mediatek mt8791t
- canonical/mediatek mt8792
- canonical/mediatek mt8796
- canonical/mediatek mt8797 wifi
- canonical/mediatek mt8798