ГлавнаяУязвимости → CVE-2024-20078
9.8критическая

CVE-2024-20078

Описание

In venc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08737250; Issue ID: MSV-1452.

Затрагиваемое ПО
Google AndroidMediatek Mt6768Mediatek Mt6779Mediatek Mt8321Mediatek Mt8385Mediatek Mt8755Mediatek Mt8765Mediatek Mt8766Mediatek Mt8768Mediatek Mt8771Mediatek Mt8775Mediatek Mt8781Mediatek Mt8786Mediatek Mt8788Mediatek Mt8789Mediatek Mt8791tMediatek Mt8792Mediatek Mt8795tMediatek Mt8796Mediatek Mt8797Mediatek Mt8798
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://corp.mediatek.com/product-security-bulletin/July-2024https://corp.mediatek.com/product-security-bulletin/July-2024