cbcvebase.
CVE-2024-20101
published 2024-10-07

CVE-2024-20101: In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution…

PriorityP261critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.31%
22.9th percentile
In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998901; Issue ID: MSV-1602.

Affected

5 ranges
VendorProductVersion rangeFixed in
googleandroid
googleandroid
googleandroid
googleandroid
mediateksoftware_development_kit<= 3.3

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerability resides in the wlan driver component; monitor for anomalous WLAN-related kernel activity or crashes that may indicate exploitation attempts targeting out-of-bounds write primitives in the wlan driver.
  • No user interaction is required and no additional privileges are needed; exploitation can be triggered remotely over WLAN, making any device with an unpatched wlan driver potentially exploitable without user action.
  • Track patch status using MediaTek Patch ID ALPS08998901 and Issue ID MSV-1602 to identify unpatched devices in fleet inventory.
  • ·This vulnerability is rated HIGH severity and affects the MediaTek wlan driver component as disclosed in the Android Security Bulletin for October 2024; scope may be limited to MediaTek-chipset devices.
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.