CVE-2024-20139 — Reachable Assertion in Software Development KIT

CWE-617 — Reachable Assertion3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 79.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mediatek Software Development KIT Google Android Linuxfoundation Yocto +1 more

Timeline

PublishedDec 2

Description

In Bluetooth firmware, there is a possible firmware asssert due to improper handling of exceptional conditions. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001270; Issue ID: MSV-1600.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDmediatek/software_development_kit3.3

▶NVDgoogle/android13.0, 14.0, 15.0+2

▶NVDopenwrt/openwrt23.05.0

▶NVDlinuxfoundation/yocto3.3, 4.0, 5.0+2

🔴Vulnerability Details

CVEList

CVE-2024-20139: In Bluetooth firmware, there is a possible firmware asssert due to improper handling of exceptional conditions↗2024-12-02

▶

GHSA

GHSA-mgww-wpg8-7gmj: In Bluetooth firmware, there is a possible firmware asssert due to improper handling of exceptional conditions↗2024-12-02

▶