What is the severity of CVE-2024-20131?

CVE-2024-20131 has a medium severity as it may allow local escalation of privilege without user interaction.

How do I fix CVE-2024-20131?

To fix CVE-2024-20131, apply Patch ID MOLY01395886 to the affected MediaTek devices.

Which devices are affected by CVE-2024-20131?

CVE-2024-20131 affects MediaTek NR16 and NR17 modems among other related hardware.

Is user interaction required to exploit CVE-2024-20131?

No, user interaction is not needed for the exploitation of CVE-2024-20131.

Vulnerability/
CVE-2024-20131

medium

6.7

CWE

787

2/12/2024

22/4/2025

CVE-2024-20131

First published: Mon Dec 02 2024(Updated: )

In Modem, there is a possible escalation of privilege due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01395886; Issue ID: MSV-1873.

Credit: security@mediatek.com

Affected Software	Affected Version	How to fix
All of
Any of
MediaTek NR16
MediaTek NR17
Any of
MediaTek MT2737
Mediatek Mt2739
MediaTek M6789
MediaTek MT6813
MediaTek MT6815
MediaTek MT6835
Mediatek MT6835T
MediaTek MT6855
MediaTek MT6878
Mediatek Mt6878t
MediaTek MT6879
MediaTek MT6886
MediaTek MT6895
MediaTek MT6895T
MediaTek MT6896
MediaTek MT6897
MediaTek MT6899
MediaTek MT6980D
MediaTek MT6980D
MediaTek MT6983
MediaTek MT6985T
MediaTek MT6986
MediaTek MT6986D
Mediatek Mt6988
MediaTek MT6989
MediaTek MT6990
MediaTek MT6991
MediaTek MT8673
MediaTek MT8676
MediaTek MT8795T
MediaTek MT8798

Never miss a vulnerability like this again

Reference Links

https://corp.mediatek.com/product-security-bulletin/December-2024

Frequently Asked Questions

What is the severity of CVE-2024-20131?
CVE-2024-20131 has a medium severity as it may allow local escalation of privilege without user interaction.
How do I fix CVE-2024-20131?
To fix CVE-2024-20131, apply Patch ID MOLY01395886 to the affected MediaTek devices.
Which devices are affected by CVE-2024-20131?
CVE-2024-20131 affects MediaTek NR16 and NR17 modems among other related hardware.
Is user interaction required to exploit CVE-2024-20131?
No, user interaction is not needed for the exploitation of CVE-2024-20131.
What kind of issue does CVE-2024-20131 represent?
CVE-2024-20131 represents a possible escalation of privilege due to an incorrect bounds check in the modem.

Frequently Asked Questions

What is the severity of CVE-2024-20131?
CVE-2024-20131 has a medium severity as it may allow local escalation of privilege without user interaction.
How do I fix CVE-2024-20131?
To fix CVE-2024-20131, apply Patch ID MOLY01395886 to the affected MediaTek devices.
Which devices are affected by CVE-2024-20131?
CVE-2024-20131 affects MediaTek NR16 and NR17 modems among other related hardware.
Is user interaction required to exploit CVE-2024-20131?
No, user interaction is not needed for the exploitation of CVE-2024-20131.
What kind of issue does CVE-2024-20131 represent?
CVE-2024-20131 represents a possible escalation of privilege due to an incorrect bounds check in the modem.

CVE-2024-20131

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-20131?

How do I fix CVE-2024-20131?

Which devices are affected by CVE-2024-20131?

Is user interaction required to exploit CVE-2024-20131?

What kind of issue does CVE-2024-20131 represent?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2024-20131?

How do I fix CVE-2024-20131?

Which devices are affected by CVE-2024-20131?

Is user interaction required to exploit CVE-2024-20131?

What kind of issue does CVE-2024-20131 represent?