CVE-2024-20151
First published: Mon Jan 06 2025(Updated: )
In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: MOLY01399339; Issue ID: MSV-1928.
Credit: security@mediatek.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Any of | ||
| MediaTek NR16 | ||
| MediaTek NR17 | ||
| Any of | ||
| MediaTek MT2737 | ||
| Mediatek Mt2739 | ||
| MediaTek M6789 | ||
| MediaTek MT6813 | ||
| MediaTek MT6815 | ||
| MediaTek MT6835 | ||
| Mediatek MT6835T | ||
| MediaTek MT6855 | ||
| MediaTek MT6878 | ||
| Mediatek Mt6878t | ||
| MediaTek MT6879 | ||
| MediaTek MT6886 | ||
| MediaTek MT6895 | ||
| MediaTek MT6895T | ||
| MediaTek MT6896 | ||
| MediaTek MT6897 | ||
| MediaTek MT6899 | ||
| MediaTek MT6980D | ||
| MediaTek MT6980D | ||
| MediaTek MT6983 | ||
| MediaTek MT6985T | ||
| MediaTek MT6986 | ||
| MediaTek MT6986D | ||
| Mediatek Mt6988 | ||
| MediaTek MT6989 | ||
| MediaTek MT6990 | ||
| MediaTek MT6991 | ||
| MediaTek MT8676 | ||
| MediaTek MT8678 | ||
| MediaTek MT8798 | ||
| MediaTek MT8863 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-20151?
CVE-2024-20151 has a severity rating that indicates a possible out of bounds write leading to local escalation of privilege.
How do I fix CVE-2024-20151?
To fix CVE-2024-20151, apply the available patch identified as MOLY01399339.
Which devices are affected by CVE-2024-20151?
CVE-2024-20151 affects specific MediaTek modem models, including NR16 and NR17.
Does CVE-2024-20151 require user interaction for exploitation?
No, CVE-2024-20151 does not require user interaction for exploitation.
Can CVE-2024-20151 allow a malicious actor to gain elevated privileges?
Yes, CVE-2024-20151 can allow a malicious actor with System privileges to escalate their privileges further.
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/type
- agent/description
- agent/author
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/last-modified-date
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/event
- agent/tags
- vendor/mediatek
- canonical/mediatek nr16
- canonical/mediatek nr17
- canonical/mediatek mt2737
- canonical/mediatek mt2739
- canonical/mediatek m6789
- canonical/mediatek mt6813
- canonical/mediatek mt6815
- canonical/mediatek mt6835
- canonical/mediatek mt6835t
- canonical/mediatek mt6855
- canonical/mediatek mt6878
- canonical/mediatek mt6878t
- canonical/mediatek mt6879
- canonical/mediatek mt6886
- canonical/mediatek mt6895
- canonical/mediatek mt6895t
- canonical/mediatek mt6896
- canonical/mediatek mt6897
- canonical/mediatek mt6899
- canonical/mediatek mt6980d
- canonical/mediatek mt6983
- canonical/mediatek mt6985t
- canonical/mediatek mt6986
- canonical/mediatek mt6986d
- canonical/mediatek mt6988
- canonical/mediatek mt6989
- canonical/mediatek mt6990
- canonical/mediatek mt6991
- canonical/mediatek mt8676
- canonical/mediatek mt8678
- canonical/mediatek mt8798
- canonical/mediatek mt8863