CVE-2024-20146 — Out-of-bounds Write in Software Development KIT

CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

8.1HIGHNVD

EPSS

0.0%

top 87.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mediatek Software Development KIT Google Android Linuxfoundation Yocto +1 more

Timeline

PublishedJan 6

Description

In wlan STA driver, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389496 / ALPS09137491; Issue ID: MSV-1835.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages4 packages

▶NVDmediatek/software_development_kit2.5

▶NVDgoogle/android13.0, 14.0, 15.0+2

▶NVDopenwrt/openwrt23.05

▶NVDlinuxfoundation/yocto3.3, 4.0, 5.0+2

🔴Vulnerability Details

CVEList

CVE-2024-20146: In wlan STA driver, there is a possible out of bounds write due to improper input validation↗2025-01-06

▶

GHSA

GHSA-fvq7-q423-52g3: In wlan STA driver, there is a possible out of bounds write due to improper input validation↗2025-01-06

▶

📋Vendor Advisories

Android

CVE-2024-20146: wlan↗2025-01-01

▶