CVE-2024-20066 - Vulnerability Details

In modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is no needed for exploitation. Patch ID: MOLY01267281; Issue ID: MSV-1477.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Mediatek	Mt6298 Mt6813 Mt6815 Mt6835 Mt6878 Mt6879 Mt6895 Mt6895t Mt6896 Mt6897 Mt6899 Mt6980 Mt6980d Mt6983 Mt6986 Mt6986d Mt6990 Mt6991 Mt8673 Mt8792 Mt8798 Nr16 Nr17

Configuration 1 [-]

AND

OR	cpe:2.3:o:mediatek:nr16:-:::::::*
	cpe:2.3:o:mediatek:nr17:-:::::::*

OR	cpe:2.3:h:mediatek:mt6298:-:::::::*
	cpe:2.3:h:mediatek:mt6813:-:::::::*
	cpe:2.3:h:mediatek:mt6815:-:::::::*
	cpe:2.3:h:mediatek:mt6835:-:::::::*
	cpe:2.3:h:mediatek:mt6878:-:::::::*
	cpe:2.3:h:mediatek:mt6879:-:::::::*
	cpe:2.3:h:mediatek:mt6895:-:::::::*
	cpe:2.3:h:mediatek:mt6895t:-:::::::*
	cpe:2.3:h:mediatek:mt6896:-:::::::*
	cpe:2.3:h:mediatek:mt6897:-:::::::*
	cpe:2.3:h:mediatek:mt6899:-:::::::*
	cpe:2.3:h:mediatek:mt6980:-:::::::*
	cpe:2.3:h:mediatek:mt6980d:-:::::::*
	cpe:2.3:h:mediatek:mt6983:-:::::::*
	cpe:2.3:h:mediatek:mt6986:-:::::::*
	cpe:2.3:h:mediatek:mt6986d:-:::::::*
	cpe:2.3:h:mediatek:mt6990:-:::::::*
	cpe:2.3:h:mediatek:mt6991:-:::::::*
	cpe:2.3:h:mediatek:mt8673:-:::::::*
	cpe:2.3:h:mediatek:mt8792:-:::::::*
	cpe:2.3:h:mediatek:mt8798:-:::::::*

No data.

References

Link	Providers
https://corp.mediatek.com/product-security-bulletin/June-2024

History

Thu, 27 Mar 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 03 Feb 2025 20:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mediatek Mediatek mt6298 Mediatek mt6813 Mediatek mt6815 Mediatek mt6835 Mediatek mt6878 Mediatek mt6879 Mediatek mt6895 Mediatek mt6895t Mediatek mt6896 Mediatek mt6897 Mediatek mt6899 Mediatek mt6980 Mediatek mt6980d Mediatek mt6983 Mediatek mt6986 Mediatek mt6986d Mediatek mt6990 Mediatek mt6991 Mediatek mt8673 Mediatek mt8792 Mediatek mt8798 Mediatek nr16 Mediatek nr17
CPEs		cpe:2.3:h:mediatek:mt6298:-:::::::* cpe:2.3:h:mediatek:mt6813:-:::::::* cpe:2.3:h:mediatek:mt6815:-:::::::* cpe:2.3:h:mediatek:mt6835:-:::::::* cpe:2.3:h:mediatek:mt6878:-:::::::* cpe:2.3:h:mediatek:mt6879:-:::::::* cpe:2.3:h:mediatek:mt6895:-:::::::* cpe:2.3:h:mediatek:mt6895t:-:::::::* cpe:2.3:h:mediatek:mt6896:-:::::::* cpe:2.3:h:mediatek:mt6897:-:::::::* cpe:2.3:h:mediatek:mt6899:-:::::::* cpe:2.3:h:mediatek:mt6980:-:::::::* cpe:2.3:h:mediatek:mt6980d:-:::::::* cpe:2.3:h:mediatek:mt6983:-:::::::* cpe:2.3:h:mediatek:mt6986:-:::::::* cpe:2.3:h:mediatek:mt6986d:-:::::::* cpe:2.3:h:mediatek:mt6990:-:::::::* cpe:2.3:h:mediatek:mt6991:-:::::::* cpe:2.3:h:mediatek:mt8673:-:::::::* cpe:2.3:h:mediatek:mt8792:-:::::::* cpe:2.3:h:mediatek:mt8798:-:::::::* cpe:2.3:o:mediatek:nr16:-:::::::* cpe:2.3:o:mediatek:nr17:-:::::::*
Vendors & Products		Mediatek Mediatek mt6298 Mediatek mt6813 Mediatek mt6815 Mediatek mt6835 Mediatek mt6878 Mediatek mt6879 Mediatek mt6895 Mediatek mt6895t Mediatek mt6896 Mediatek mt6897 Mediatek mt6899 Mediatek mt6980 Mediatek mt6980d Mediatek mt6983 Mediatek mt6986 Mediatek mt6986d Mediatek mt6990 Mediatek mt6991 Mediatek mt8673 Mediatek mt8792 Mediatek mt8798 Mediatek nr16 Mediatek nr17
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: MediaTek

Published: 2024-06-03T02:04:43.910Z

Updated: 2025-03-27T15:50:05.143Z

Reserved: 2023-11-02T13:35:35.170Z

Link: CVE-2024-20066

Vulnrichment

Updated: 2024-08-01T21:52:31.671Z

NVD

Status : Modified

Published: 2024-06-03T02:15:08.630

Modified: 2025-03-27T16:15:21.380

Link: CVE-2024-20066

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object