In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998901; Issue ID: MSV-1602.
The vulnerability results from inadequate input data validation in the WLAN driver (CWE-787 — out of bounds write). An attacker can send crafted network data that causes writes outside the designated memory area. Since the attack is possible over the network (AV:N), without required privileges (PR:N) and without user interaction (UI:N), the attack surface is very wide. Successful exploitation of the vulnerability can lead to device takeover.
An attacker can remotely execute arbitrary code on a vulnerable device, gaining full access to the confidentiality, integrity, and availability of the system (CVSS scores C:H/I:H/A:H).
The patch with identifier ALPS08998901 (Issue ID: MSV-1602) available from the manufacturer must be applied. Detailed information about versions containing the fix can be found in the MediaTek security bulletin: https://corp.mediatek.com/product-security-bulletin/October-2024
MediaTek SDK, Google Android (versions indicated in manufacturer references), and the MediaTek MT3605 chip — detailed versions available in the MediaTek security bulletin from October 2024.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HGoogle Android
OSGoogle13.014.015.0Mediatek Mt3605
HWMediatekwszystkie wersjeMediatek Mt6985
HWMediatekwszystkie wersjeMediatek Mt6989
HWMediatekwszystkie wersjeMediatek Mt6990
HWMediatekwszystkie wersjeMediatek Mt7927
HWMediatekwszystkie wersjeMediatek Mt8183
HWMediatekwszystkie wersjeMediatek Mt8512
HWMediatekwszystkie wersjeMediatek Mt8676
HWMediatekwszystkie wersjeMediatek Mt8678
HWMediatekwszystkie wersjeMediatek Mt8695
HWMediatekwszystkie wersjeMediatek Mt8698
HWMediatekwszystkie wersjeMediatek Mt8755
HWMediatekwszystkie wersjeMediatek Mt8775
HWMediatekwszystkie wersjeMediatek Mt8792
HWMediatekwszystkie wersjeMediatek Mt8796
HWMediatekwszystkie wersjeMediatek Software Development Kit
APPMediatek≤ 3.3
Related vulnerabilities
Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who ha...
Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application cr...
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...
Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed ...