CVE-2024-20101: Input Validation
First published: Mon Oct 07 2024(Updated: )
In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998901; Issue ID: MSV-1602.
Credit: security@mediatek.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | ||
| All of | ||
| Any of | ||
| Mediatek Linkit Software Development Kit | <=3.3 | |
| Android | =13.0 | |
| Android | =14.0 | |
| Android | =15.0 | |
| Any of | ||
| Mediatek MT3605 | ||
| MediaTek MT6985T | ||
| MediaTek MT6989 | ||
| MediaTek MT6990 | ||
| MediaTek MT7927 | ||
| MediaTek MT8183 | ||
| Mediatek MT8512 | ||
| MediaTek MT8676 | ||
| MediaTek MT8678 | ||
| MediaTek MT8695 Firmware | ||
| MediaTek MT8698 | ||
| MediaTek MT8755 | ||
| MediaTek MT8775 | ||
| MediaTek MT8792 | ||
| MediaTek MT8796 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-20101?
The severity of CVE-2024-20101 is critical due to the potential for remote code execution without user interaction.
How do I fix CVE-2024-20101?
To fix CVE-2024-20101, apply the patch with ID ALPS08998901 provided by the vendor.
Which software is affected by CVE-2024-20101?
CVE-2024-20101 affects Google Android operating systems.
What is the nature of the vulnerability in CVE-2024-20101?
CVE-2024-20101 is an out-of-bounds write vulnerability due to improper input validation in the wlan driver.
Is user interaction required to exploit CVE-2024-20101?
No, user interaction is not needed to exploit CVE-2024-20101.
- agent/weakness
- agent/type
- agent/description
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/source
- agent/first-publish-date
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- vendor/google
- canonical/android
- vendor/mediatek
- canonical/mediatek linkit software development kit
- version/mediatek linkit software development kit/3.3
- version/android/13.0
- version/android/14.0
- version/android/15.0
- canonical/mediatek mt3605
- canonical/mediatek mt6985t
- canonical/mediatek mt6989
- canonical/mediatek mt6990
- canonical/mediatek mt7927
- canonical/mediatek mt8183
- canonical/mediatek mt8512
- canonical/mediatek mt8676
- canonical/mediatek mt8678
- canonical/mediatek mt8695 firmware
- canonical/mediatek mt8698
- canonical/mediatek mt8755
- canonical/mediatek mt8775
- canonical/mediatek mt8792
- canonical/mediatek mt8796