CVE-2024-20100
published 2024-10-07CVE-2024-20100: In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution…
PriorityP261critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.32%
24.1th percentile
In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998449; Issue ID: MSV-1603.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| mediatek | iot_yocto | — | — |
| mediatek | software_development_kit | <= 3.3 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability resides in the wlan driver component; monitor for anomalous WLAN driver activity or unexpected out-of-bounds memory writes originating from wireless input processing on affected MediaTek devices. ↗
- →No user interaction is required and no additional privileges are needed; exploitation can be triggered remotely over WLAN, making passive network-level monitoring (e.g., for malformed 802.11 frames) a relevant detection surface. ↗
- →Track patch status using MediaTek patch ID ALPS08998449 and issue ID MSV-1603 to identify unpatched devices in asset inventories. ↗
- →Android Security Bulletin reference A-359699097 and M-ALPS08998449 can be used to verify patch application on Android devices via build fingerprint or security patch level checks (2024-10-01 SPL). ↗
- ·The vulnerability is rated HIGH severity and is limited to the MediaTek wlan driver component; affected device scope is constrained to MediaTek-chipset Android devices addressed in the 2024-10-01 Android Security Bulletin. ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Android
CVE-2024-20100: wlan
vendor_android·2024-10-01·CVSS 9.8
CVE-2024-20100 [CRITICAL] CVE-2024-20100: wlan
Android Security Bulletin 2024-10-01
CVE: CVE-2024-20100
Severity: HIGH
Component: wlan
References: A-359699097
M-ALPS08998449 *
GHSA
GHSA-g4jv-rpgh-595r: In wlan driver, there is a possible out of bounds write due to improper input validation
ghsa_unreviewed·2024-10-07
CVE-2024-20100 [CRITICAL] CWE-787 GHSA-g4jv-rpgh-595r: In wlan driver, there is a possible out of bounds write due to improper input validation
In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998449; Issue ID: MSV-1603.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-10-07
Published