CRITICAL🇵🇱 Wersja polska

CVE-2024-20080

CVSS 9.8v3.1pub. 2024-07-01upd. 2025-05-28

In gnss service, there is a possible escalation of privilege due to improper certificate validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08720039; Issue ID: MSV-1424.

🤖 AI Analysis
How it works

The GNSS service improperly validates certificates (improper certificate validation, CWE-295), which allows an attacker to conduct a remote network-based attack. The vulnerability enables bypassing trust mechanisms based on certificates, resulting in obtaining elevated privileges in the system. Exploitation does not require any additional execution privileges or user interaction.

Impact

An attacker can remotely obtain privilege escalation on a vulnerable device, potentially gaining full control over it with high impact on confidentiality, integrity, and availability of the system.

Mitigation & patch

Apply patches available from the manufacturer according to references — MediaTek Product Security Bulletin from July 2024 (https://corp.mediatek.com/product-security-bulletin/July-2024). Patch ID: ALPS08720039.

Who is affected

Devices based on Linux Foundation Yocto platforms, RDK-B (Rdkcentral), and Google Android equipped with MediaTek components — specific versions indicated in manufacturer references (MediaTek Product Security Bulletin, July 2024). Patch ID: ALPS08720039; Issue ID: MSV-1424.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Google Android

    OS
    Google
    13.014.0
  • Linuxfoundation Yocto

    APP
    Linuxfoundation
    2.63.34.0
  • Mediatek Mt2735

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt2737

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6761

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6765

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6768

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6781

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6785

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6789

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6833

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6853

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6853t

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6855

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6873

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6875

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6877

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6879

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6880

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6883

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6885

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6886

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6889

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6890

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6891

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6893

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6895

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6980

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6983

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6985

    HW
    Mediatek
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-16010CRITICAL9.6⚠ KEVten sam produkt

Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who ha...

CVE-2016-1019CRITICAL9.8⚠ KEVten sam produkt

Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application cr...

CVE-2026-13851CRITICAL9.1ten sam produkt

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...

CVE-2026-13852CRITICAL9.1ten sam produkt

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...

CVE-2026-14106CRITICAL9.6ten sam produkt

Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed ...