CRITICAL🇵🇱 Wersja polska

CVE-2024-20078

CVSS 9.8v3.1pub. 2024-07-01upd. 2025-05-28

In venc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08737250; Issue ID: MSV-1452.

🤖 AI Analysis
How it works

A CWE-843 type confusion error in the venc component causes data to be interpreted as a different type than it was allocated, enabling an out-of-bounds write to the allocated buffer memory. An attacker with System-level privileges can exploit this vulnerability without any user interaction. This results in the possibility of code execution with elevated privileges in the system context.

Impact

An attacker can cause local privilege escalation on the vulnerable device. Violation of confidentiality, integrity, and availability of the system is possible.

Mitigation & patch

Apply patch with identifier ALPS08737250 (Issue ID: MSV-1452) available in the MediaTek security bulletin from July 2024. The update should be deployed according to the manufacturer's references: https://corp.mediatek.com/product-security-bulletin/July-2024

Who is affected

Devices running Google Android equipped with MediaTek MT6768 and MT6779 processors. Specific software versions are indicated in the manufacturer's references (MediaTek security bulletin from July 2024).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Google Android

    OS
    Google
    12.013.014.0
  • Mediatek Mt6768

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6779

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8321

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8385

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8755

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8765

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8766

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8768

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8771

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8775

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8781

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8786

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8788

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8789

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8791t

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8792

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8795t

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8796

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8797

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8798

    HW
    Mediatek
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-16010CRITICAL9.6⚠ KEVten sam produkt

Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who ha...

CVE-2016-1019CRITICAL9.8⚠ KEVten sam produkt

Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application cr...

CVE-2026-13851CRITICAL9.1ten sam produkt

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...

CVE-2026-13852CRITICAL9.1ten sam produkt

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...

CVE-2026-14106CRITICAL9.6ten sam produkt

Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed ...