CVE-2024-20152

In wlan STA driver, there is a possible reachable assertion due to improper exception handling. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00389047 / ALPS09136505; Issue ID: MSV-1798.

CVSS

No CVSS.

References

Link	Resource
https://corp.mediatek.com/product-security-bulletin/January-2025	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:linuxfoundation:yocto:3.3:::::::*
	cpe:2.3:a:linuxfoundation:yocto:4.0:::::::*
	cpe:2.3:a:linuxfoundation:yocto:5.0:::::::*
	cpe:2.3:a:mediatek:software_development_kit::::::::
	cpe:2.3:o:google:android:13.0:::::::*
	cpe:2.3:o:google:android:14.0:::::::*
	cpe:2.3:o:google:android:15.0:::::::*
	cpe:2.3:o:openwrt:openwrt:23.05:::::::*

OR	cpe:2.3:h:mediatek:mt2737:-:::::::*
	cpe:2.3:h:mediatek:mt3603:-:::::::*
	cpe:2.3:h:mediatek:mt6835:-:::::::*
	cpe:2.3:h:mediatek:mt6878:-:::::::*
	cpe:2.3:h:mediatek:mt6886:-:::::::*
	cpe:2.3:h:mediatek:mt6897:-:::::::*
	cpe:2.3:h:mediatek:mt6990:-:::::::*
	cpe:2.3:h:mediatek:mt7902:-:::::::*
	cpe:2.3:h:mediatek:mt7920:-:::::::*
	cpe:2.3:h:mediatek:mt7922:-:::::::*
	cpe:2.3:h:mediatek:mt8518s:-:::::::*
	cpe:2.3:h:mediatek:mt8532:-:::::::*
	cpe:2.3:h:mediatek:mt8755:-:::::::*
	cpe:2.3:h:mediatek:mt8766:-:::::::*
	cpe:2.3:h:mediatek:mt8768:-:::::::*
	cpe:2.3:h:mediatek:mt8775:-:::::::*
	cpe:2.3:h:mediatek:mt8781:-:::::::*
	cpe:2.3:h:mediatek:mt8796:-:::::::*
	cpe:2.3:h:mediatek:mt8798:-:::::::*
	cpe:2.3:h:mediatek:mt8893:-:::::::*

History

21 Apr 2025, 17:12

Type	Values Removed	Values Added
First Time		Mediatek mt6897 Linuxfoundation yocto Mediatek mt8766 Google Google android Mediatek mt6886 Mediatek mt8755 Mediatek mt6990 Mediatek mt8798 Mediatek mt6835 Mediatek mt8781 Mediatek mt3603 Mediatek Mediatek mt7920 Openwrt openwrt Mediatek mt6878 Mediatek mt8532 Mediatek mt8796 Mediatek mt8775 Mediatek mt7922 Openwrt Linuxfoundation Mediatek software Development Kit Mediatek mt7902 Mediatek mt8768 Mediatek mt2737 Mediatek mt8893 Mediatek mt8518s
References	~~() https://corp.mediatek.com/product-security-bulletin/January-2025 -~~	() https://corp.mediatek.com/product-security-bulletin/January-2025 - Vendor Advisory
CPE		cpe:2.3:h:mediatek:mt8893:-:::::::* cpe:2.3:h:mediatek:mt7920:-:::::::* cpe:2.3:h:mediatek:mt2737:-:::::::* cpe:2.3:h:mediatek:mt7902:-:::::::* cpe:2.3:a:linuxfoundation:yocto:5.0:::::::* cpe:2.3:h:mediatek:mt8798:-:::::::* cpe:2.3:h:mediatek:mt6835:-:::::::* cpe:2.3:o:openwrt:openwrt:23.05:::::::* cpe:2.3:o:google:android:13.0:::::::* cpe:2.3:h:mediatek:mt8532:-:::::::* cpe:2.3:h:mediatek:mt8768:-:::::::* cpe:2.3:a:linuxfoundation:yocto:4.0:::::::* cpe:2.3:h:mediatek:mt3603:-:::::::* cpe:2.3:a:linuxfoundation:yocto:3.3:::::::* cpe:2.3:h:mediatek:mt8518s:-:::::::* cpe:2.3:h:mediatek:mt8775:-:::::::* cpe:2.3:h:mediatek:mt6897:-:::::::* cpe:2.3:h:mediatek:mt6886:-:::::::* cpe:2.3:h:mediatek:mt7922:-:::::::* cpe:2.3:h:mediatek:mt6878:-:::::::* cpe:2.3:h:mediatek:mt8781:-:::::::* cpe:2.3:h:mediatek:mt8755:-:::::::* cpe:2.3:h:mediatek:mt6990:-:::::::* cpe:2.3:o:google:android:15.0:::::::* cpe:2.3:h:mediatek:mt8796:-:::::::* cpe:2.3:o:google:android:14.0:::::::* cpe:2.3:a:mediatek:software_development_kit:::::::: cpe:2.3:h:mediatek:mt8766:-:::::::*
CWE		CWE-617

06 Jan 2025, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-06 04:15

Updated : 2025-04-21 17:12

NVD link : CVE-2024-20152

Mitre link : CVE-2024-20152

JSON object : View

Products Affected

mediatek

mt2737
mt8518s
mt8768
mt3603
mt7902
mt8766
software_development_kit
mt8796
mt7920
mt8775
mt8781
mt7922
mt6886
mt8755
mt8532
mt6897
mt8893
mt6878
mt8798
mt6835
mt6990

linuxfoundation

yocto

openwrt

openwrt

google

android

CWE

CWE-617

Reachable Assertion

JSON object

Attach tags to CVE-2024-20152

Attach tags to `CVE-2024-20152`