CVE-2024-20040: Out-of-bounds Write in Google Android

Severity: 8.8 HIGH (NVD)
EPSS: 0.9% (top 24.46%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 1

Description

In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08360153 (for MT6XXX chipsets) / WCNCR00363530 (for MT79XX chipsets); Issue ID: MSV-979.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (5 packages)

NVD: google/android 12.0, 13.0, 14.0 +2
NVD: openwrt/openwrt 19.07.0, 21.02.0 +1
NVD: rdkcentral/rdk-b 2022q3
NVD: linuxfoundation/yocto 3.3, 4.0 +1

Vulnerability Details (2)

GHSA
GHSA-8rm5-h6c9-v86r: In wlan firmware, there is a possible out of bounds write due to improper input validation (2024-04-01)
CVEList
CVE-2024-20040: In wlan firmware, there is a possible out of bounds write due to improper input validation (2024-04-01)

Vendor Advisories (1)

Android
CVE-2024-20040: wlan firmware (2024-04-01)