CVE-2024-20146
published 2025-01-06CVE-2024-20146: In wlan STA driver, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with…
PriorityP343high8.1CVSS 3.1
AVAACLPRNUINSUCNIHAH
EPSS
0.14%
3.4th percentile
In wlan STA driver, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389496 / ALPS09137491; Issue ID: MSV-1835.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| linuxfoundation | yocto | — | — |
| linuxfoundation | yocto | — | — |
| linuxfoundation | yocto | — | — |
| mediatek | software_development_kit | <= 2.5 | — |
| openwrt | openwrt | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-fvq7-q423-52g3: In wlan STA driver, there is a possible out of bounds write due to improper input validation
ghsa_unreviewed·2025-01-06
CVE-2024-20146 [HIGH] CWE-787 GHSA-fvq7-q423-52g3: In wlan STA driver, there is a possible out of bounds write due to improper input validation
In wlan STA driver, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389496 / ALPS09137491; Issue ID: MSV-1835.
Android
CVE-2024-20146: wlan
vendor_android·2025-01-01·CVSS 8.1
CVE-2024-20146 [HIGH] CVE-2024-20146: wlan
Android Security Bulletin 2025-01-01
CVE: CVE-2024-20146
Severity: HIGH
Component: wlan
References: A-376814209
M-ALPS09137491 *
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-01-06
Published