The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT, Wi-Fi, TV, Computer Vision and Audio chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.
The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).
The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).
Summary
Details
| CVE | CVE-2024-20017 |
|---|---|
| Title | Improper input validation in wlan service |
| Severity | High |
| Vulnerability Type | RCE |
| CWE | CWE-20 Improper Input Validation |
| Description | In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation |
| Affected Chipsets | MT6890, MT7622, MT7915, MT7916, MT7981, MT7986 |
| Affected Software Versions | SDK version 7.4.0.1 and before (for MT7622 and MT7915) / SDK version 7.6.7.0 and before (for MT7916, MT7981 and MT7986) / OpenWrt 19.07, 21.02 (for MT6890) |
| Report Source | External |
| CVE | CVE-2024-20020 |
|---|---|
| Title | Out-of-bounds write in OPTEE |
| Severity | High |
| Vulnerability Type | ID |
| CWE | CWE-787 Out-of-bounds Write |
| Description | In OPTEE, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2713, MT2715, MT8173, MT8188, MT8195, MT8390, MT8395 |
| Affected Software Versions | Android 13.0 |
| Report Source | External |
| CVE | CVE-2024-20018 |
|---|---|
| Title | Improper input validation in wlan driver |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT7615 |
| Affected Software Versions | SDK version 5.1.0.0 and before |
| Report Source | External |
| CVE | CVE-2024-20019 |
|---|---|
| Title | Missing release of memory after effective lifetime in wlan driver |
| Severity | High |
| Vulnerability Type | DoS |
| CWE | CWE-401 Missing Release of Memory after Effective Lifetime |
| Description | In wlan driver, there is a possible memory leak due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT7925, MT7927 |
| Affected Software Versions | SW package release 2023.11.10 and before |
| Report Source | Internal |
| CVE | CVE-2024-20005 |
|---|---|
| Title | Improper access control in da |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-284 Improper Access Control |
| Description | In da, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8666, MT8666A, MT8666B, MT8667, MT8673, MT8675, MT8676, MT8678 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 |
| Report Source | Internal |
| CVE | CVE-2024-20022 |
|---|---|
| Title | Improper privilege management in lk |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-269 Improper Privilege Management |
| Description | In lk, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2737, MT6789, MT6835, MT6855, MT6879, MT6880, MT6886, MT6890, MT6895, MT6980, MT6983, MT6985, MT6989, MT6990, MT8321, MT8385, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8796, MT8797, MT8798 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 / OpenWrt 19.07, 21.02 / Yocto 3.3 / RDK-B 22Q3 |
| Report Source | Internal |
| CVE | CVE-2024-20023 |
|---|---|
| Title | Out-of-bounds write in flashc |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-787 Out-of-bounds Write |
| Description | In flashc, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2713, MT2737, MT6781, MT6789, MT6835, MT6855, MT6879, MT6880, MT6886, MT6890, MT6895, MT6980, MT6983, MT6985, MT6989, MT6990, MT8188, MT8188T, MT8370, MT8390, MT8673, MT8676, MT8678 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 / OpenWrt 19.07, 21.02 / Yocto 3.3 / RDK-B 22Q3 |
| Report Source | Internal |
| CVE | CVE-2024-20024 |
|---|---|
| Title | Out-of-bounds write in flashc |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-787 Out-of-bounds Write |
| Description | In flashc, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6781, MT6789, MT6833, MT6835, MT6879, MT6886, MT6895, MT6983, MT6985, MT6989, MT8666, MT8666A, MT8666B, MT8667, MT8673, MT8676, MT8678 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 |
| Report Source | Internal |
| CVE | CVE-2024-20025 |
|---|---|
| Title | Improper check or handling of exceptional conditions in da |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-703 Improper Check or Handling of Exceptional Conditions |
| Description | In da, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6739, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8168, MT8173, MT8175, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8673, MT8678, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8796, MT8797, MT8798 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 |
| Report Source | Internal |
| CVE | CVE-2024-20026 |
|---|---|
| Title | Out-of-bounds read in da |
| Severity | High |
| Vulnerability Type | ID |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In da, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6739, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8163, MT8167, MT8168, MT8512 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 |
| Report Source | Internal |
| CVE | CVE-2024-20027 |
|---|---|
| Title | Improper input validation in da |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In da, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6739, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8163, MT8167, MT8168, MT8512 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 |
| Report Source | Internal |
| CVE | CVE-2024-20028 |
|---|---|
| Title | Improper input validation in da |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In da, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6739, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8163, MT8167, MT8168, MT8512 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 |
| Report Source | Internal |
| CVE | CVE-2024-20030 |
|---|---|
| Title | Improper input validation in da |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-20 Improper Input Validation |
| Description | In da, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6739, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8168, MT8195, MT8512 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 |
| Report Source | Internal |
| CVE | CVE-2024-20031 |
|---|---|
| Title | Improper input validation in da |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In da, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6739, MT6757, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8163, MT8167, MT8168, MT8512 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 |
| Report Source | Internal |
| CVE | CVE-2024-20029 |
|---|---|
| Title | Improper input validation in wlan firmware |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6985, MT6989, MT8678, MT8796 |
| Affected Software Versions | Android 13.0, 14.0 |
| Report Source | Internal |
| CVE | CVE-2024-20032 |
|---|---|
| Title | Improper privilege management in aee |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-269 Improper Privilege Management |
| Description | In aee, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT6989, MT8321, MT8673, MT8765, MT8766, MT8768, MT8781, MT8789, MT8791, MT8792, MT8796 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 |
| Report Source | External |
| CVE | CVE-2024-20033 |
|---|---|
| Title | Out-of-bounds read in nvram |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In nvram, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2713, MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6785, MT6789, MT6835, MT6855, MT6879, MT6883, MT6885, MT6886, MT6893, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8370, MT8385, MT8390, MT8395, MT8666, MT8667, MT8673, MT8675, MT8676, MT8678, MT8755, MT8765, MT8766, MT8768, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791, MT8792, MT8796, MT8797, MT8798 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 |
| Report Source | External |
| CVE | CVE-2024-20034 |
|---|---|
| Title | Out-of-bounds write in battery |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-787 Out-of-bounds Write |
| Description | In battery, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6761, MT6765, MT6768, MT6855, MT6895, MT8167, MT8168, MT8188, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 |
| Report Source | External |
| CVE | CVE-2024-20036 |
|---|---|
| Title | Improper access control in vdec |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-284 Improper Access Control |
| Description | In vdec, there is a possible permission bypass due to a permissions bypass. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6835, MT6855, MT6879, MT6886, MT6895, MT6983, MT6985, MT8792, MT8796, MT8798 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 |
| Report Source | Internal |
| CVE | CVE-2024-20037 |
|---|---|
| Title | Write-what-where condition in pq |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-123 Write-what-where Condition |
| Description | In pq, there is a possible write-what-where condition due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6983, MT6985, MT6989, MT8168, MT8188, MT8195, MT8673, MT8675 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 |
| Report Source | External |
| CVE | CVE-2024-20038 |
|---|---|
| Title | Out-of-bounds read in pq |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In pq, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6983, MT6985, MT6989, MT8168, MT8188, MT8195, MT8673, MT8675 |
| Affected Software Versions | Android 12.0, 13.0, 14.0 |
| Report Source | External |
Vulnerability Type Definition
| Abbreviation | Definition |
|---|---|
| RCE | Remote Code Execution |
| EoP | Elevation of Privilege |
| ID | Information Disclosure |
| DoS | Denial of Service |
| N/A | Classification not available |
Versions
| Version | Date | Description |
| 1.0 | March 4, 2024 | Bulletin published. |
| 1.1 | March 6, 2024 | CVE table updated. |
| 1.2 | January 10, 2025 | Report Source information has been added to all the CVEs. |
Notes
Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.
If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.
If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.