CVE-2024-20145
First published: Mon Jan 06 2025(Updated: )
In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09290940; Issue ID: MSV-2040.
Credit: security@mediatek.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-20145?
CVE-2024-20145 is considered to have a high severity due to the potential for local escalation of privilege.
How do I fix CVE-2024-20145?
To fix CVE-2024-20145, users should apply the patch ID ALPS09290940 provided by the vendor.
What are the potential impacts of CVE-2024-20145?
The potential impact of CVE-2024-20145 includes unauthorized access and privilege escalation if an attacker has physical access to the affected device.
Is user interaction required for exploiting CVE-2024-20145?
Yes, user interaction is needed for exploiting CVE-2024-20145.
Which devices are affected by CVE-2024-20145?
CVE-2024-20145 affects devices running Google Android software.
- agent/weakness
- agent/type
- agent/description
- agent/author
- collector/nvd-api
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/source
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- vendor/google
- canonical/android