9.8критическая
CVE-2024-20080
Описание
In gnss service, there is a possible escalation of privilege due to improper certificate validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08720039; Issue ID: MSV-1424.
Затрагиваемое ПО
Linuxfoundation YoctoRdkcentral Rdk-bGoogle AndroidMediatek Mt2735Mediatek Mt2737Mediatek Mt6761Mediatek Mt6765Mediatek Mt6768Mediatek Mt6781Mediatek Mt6785Mediatek Mt6789Mediatek Mt6833Mediatek Mt6853Mediatek Mt6853tMediatek Mt6855Mediatek Mt6873Mediatek Mt6875Mediatek Mt6877Mediatek Mt6879Mediatek Mt6880Mediatek Mt6883Mediatek Mt6885Mediatek Mt6886Mediatek Mt6889Mediatek Mt6890
CVSS
| Балл | 9.8 — критическая |
| Вектор | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Источники
https://corp.mediatek.com/product-security-bulletin/July-2024https://corp.mediatek.com/product-security-bulletin/July-2024