CVE-2024-20138Out-of-bounds Read in Software Development KIT

CWE-125Out-of-bounds Read3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 34.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mediatek Software Development KITGoogle Android
Timeline
PublishedDec 2

Description

In wlan driver, there is a possible out of bound read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998291; Issue ID: MSV-1604.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDgoogle/android13.0, 14.0, 15.0+2

🔴Vulnerability Details

2
GHSA
GHSA-2c5p-v6r6-q8xj: In wlan driver, there is a possible out of bound read due to improper input validation2024-12-02
CVEList
CVE-2024-20138: In wlan driver, there is a possible out of bound read due to improper input validation2024-12-02
CVE-2024-20138 — Out-of-bounds Read | cvebase