CRITICAL🇵🇱 Wersja polska

CVE-2024-20083

CVSS 9.8v3.1pub. 2024-08-14upd. 2025-05-30

In venc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08810810 / ALPS08805789; Issue ID: MSV-1502.

🤖 AI Analysis
How it works

The vulnerability (CWE-787) consists of writing data outside the allocated memory area in the venc component (video encoder). Lack of buffer boundary checks allows exceeding the write range, which can result in overwriting critical data structures in memory. Exploitation requires System execution privileges, but does not require any user interaction.

Impact

An attacker with System execution privileges can achieve local privilege escalation, potentially gaining full control over the device's operating system.

Mitigation & patch

Apply patches available from the manufacturer according to the references. Patch identifiers: ALPS08810810 / ALPS08805789 (Issue ID: MSV-1502), published in the MediaTek security bulletin for August (August 2024).

Who is affected

Google Android on devices with MediaTek chipsets: MT6765, MT6768, MT6779, MT6785

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Google Android

    OS
    Google
    12.0
  • Mediatek Mt6765

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6768

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6779

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6785

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8321

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8385

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8666

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8667

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8755

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8765

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8766

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8768

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8771

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8775

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8781

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8786

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8788

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8789

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8791t

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8792

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8795t

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8796

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8797

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8798

    HW
    Mediatek
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-16010CRITICAL9.6⚠ KEVten sam produkt

Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who ha...

CVE-2016-1019CRITICAL9.8⚠ KEVten sam produkt

Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application cr...

CVE-2026-13851CRITICAL9.1ten sam produkt

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...

CVE-2026-13852CRITICAL9.1ten sam produkt

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...

CVE-2026-14106CRITICAL9.6ten sam produkt

Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed ...