The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT, Wi-Fi, TV, Computer Vision and Audio chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.
The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).
The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).
Summary
Details
| CVE | CVE-2024-20017 |
|---|---|
| Title | Improper input validation in wlan service |
| Severity | High |
| Vulnerability Type | RCE |
| CWE | CWE-20 Improper Input Validation |
| Description | In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation |
| Affected Chipsets | MT6890, MT7622, MT7915, MT7916, MT7981, MT7986 |
| Affected Software Versions | SDK version 7.4.0.1 and before (for MT7622 and MT7915) / SDK version 7.6.7.0 and before (for MT7916, MT7981 and MT7986) / OpenWrt 19.07, 21.02 (for MT6890) |
| CVE | CVE-2024-20020 |
|---|---|
| Title | Out-of-bounds write in OPTEE |
| Severity | High |
| Vulnerability Type | ID |
| CWE | CWE-787 Out-of-bounds Write |
| Description | In OPTEE, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2713, MT2715, MT8173, MT8188, MT8195, MT8390, MT8395 |
| Affected Software Versions | Android 13.0 |
| CVE | CVE-2024-20018 |
|---|---|
| Title | Improper input validation in wlan driver |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT7615 |
| Affected Software Versions | SDK version 5.1.0.0 and before |
| CVE | CVE-2024-20019 |
|---|---|
| Title | Missing release of memory after effective lifetime in wlan driver |
| Severity | High |
| Vulnerability Type | DoS |
| CWE | CWE-401 Missing Release of Memory after Effective Lifetime |
| Description | In wlan driver, there is a possible memory leak due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT7925, MT7927 |
| Affected Software Versions | SW package release 2023.11.10 and before |
| CVE | CVE-2024-20005 |
|---|---|
| Title | Improper access control in da |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-284 Improper Access Control |
| Description | In da, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8666, MT8666A, MT8666B, MT8667, MT8673, MT8675, MT8676, MT8678 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 |
| CVE | CVE-2024-20022 |
|---|---|
| Title | Improper privilege management in lk |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-269 Improper Privilege Management |
| Description | In lk, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2737, MT6789, MT6835, MT6855, MT6879, MT6880, MT6886, MT6890, MT6895, MT6980, MT6983, MT6985, MT6989, MT6990, MT8321, MT8385, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8796, MT8797, MT8798 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 / OpenWrt 19.07, 21.02 / Yocto 3.3 / RDK-B 22Q3 |
| CVE | CVE-2024-20023 |
|---|---|
| Title | Out-of-bounds write in flashc |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-787 Out-of-bounds Write |
| Description | In flashc, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2713, MT2737, MT6781, MT6789, MT6835, MT6855, MT6879, MT6880, MT6886, MT6890, MT6895, MT6980, MT6983, MT6985, MT6989, MT6990, MT8188, MT8188T, MT8370, MT8390, MT8673, MT8676, MT8678 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 / OpenWrt 19.07, 21.02 / Yocto 3.3 / RDK-B 22Q3 |
| CVE | CVE-2024-20024 |
|---|---|
| Title | Out-of-bounds write in flashc |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-787 Out-of-bounds Write |
| Description | In flashc, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6781, MT6789, MT6833, MT6835, MT6879, MT6886, MT6895, MT6983, MT6985, MT6989, MT8666, MT8666A, MT8666B, MT8667, MT8673, MT8676, MT8678 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 |
| CVE | CVE-2024-20025 |
|---|---|
| Title | Improper check or handling of exceptional conditions in da |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-703 Improper Check or Handling of Exceptional Conditions |
| Description | In da, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6739, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8168, MT8173, MT8175, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8673, MT8678, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8796, MT8797, MT8798 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 |
| CVE | CVE-2024-20026 |
|---|---|
| Title | Out-of-bounds read in da |
| Severity | High |
| Vulnerability Type | ID |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In da, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6739, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8163, MT8167, MT8168, MT8512 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 |
| CVE | CVE-2024-20027 |
|---|---|
| Title | Improper input validation in da |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In da, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6739, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8163, MT8167, MT8168, MT8512 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 |
| CVE | CVE-2024-20028 |
|---|---|
| Title | Improper input validation in da |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In da, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6739, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8163, MT8167, MT8168, MT8512 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 |
| CVE | CVE-2024-20030 |
|---|---|
| Title | Improper input validation in da |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-20 Improper Input Validation |
| Description | In da, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6739, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8168, MT8195, MT8512 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 |
| CVE | CVE-2024-20031 |
|---|---|
| Title | Improper input validation in da |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In da, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6739, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8163, MT8167, MT8168, MT8512 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 |
| CVE | CVE-2024-20029 |
|---|---|
| Title | Improper input validation in wlan firmware |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6985, MT6989, MT8678, MT8796 |
| Affected Software Versions | Android 13.0, 14.0 |
| CVE | CVE-2024-20032 |
|---|---|
| Title | Improper privilege management in aee |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-269 Improper Privilege Management |
| Description | In aee, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT6989, MT8321, MT8673, MT8765, MT8766, MT8768, MT8781, MT8789, MT8791, MT8792, MT8796 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 |
| CVE | CVE-2024-20033 |
|---|---|
| Title | Out-of-bounds read in nvram |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In nvram, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2713, MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6785, MT6789, MT6835, MT6855, MT6879, MT6883, MT6885, MT6886, MT6893, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8370, MT8385, MT8390, MT8395, MT8666, MT8667, MT8673, MT8675, MT8676, MT8678, MT8755, MT8765, MT8766, MT8768, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791, MT8792, MT8796, MT8797, MT8798 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 |
| CVE | CVE-2024-20034 |
|---|---|
| Title | Out-of-bounds write in battery |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-787 Out-of-bounds Write |
| Description | In battery, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6761, MT6765, MT6768, MT6855, MT6895, MT8167, MT8168, MT8188, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 |
| CVE | CVE-2024-20036 |
|---|---|
| Title | Improper access control in vdec |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-284 Improper Access Control |
| Description | In vdec, there is a possible permission bypass due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6835, MT6855, MT6879, MT6886, MT6895, MT6983, MT6985, MT8792, MT8796, MT8798 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 |
| CVE | CVE-2024-20037 |
|---|---|
| Title | Write-what-where condition in pq |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-123 Write-what-where Condition |
| Description | In pq, there is a possible write-what-where condition due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6983, MT6985, MT6989, MT8168, MT8188, MT8195, MT8673, MT8675 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 |
| CVE | CVE-2024-20038 |
|---|---|
| Title | Out-of-bounds read in pq |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In pq, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6983, MT6985, MT6989, MT8168, MT8188, MT8195, MT8673, MT8675 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 |
Vulnerability Type Definition
| Abbreviation | Definition |
|---|---|
| RCE | Remote Code Execution |
| EoP | Elevation of Privilege |
| ID | Information Disclosure |
| DoS | Denial of Service |
| N/A | Classification not available |
Versions
| Version | Date | Description |
| 1.0 | March 4, 2024 | Bulletin published. |
| 1.1 | March 6, 2024 | CVE table updated. |
Notes
Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.
If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.
If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.