Created on 2025-01-07 07:03 and updated on 2025-01-07 07:03.

Description

MediaTek has released its January 2025 Product Security Bulletin: https://corp.mediatek.com/product-security-bulletin/January-2025

The bulletin addresses out-of-bounds write vulnerabilities in power management (CVE-2024-20140) and the Digital Audio subsystem (CVE-2024-20143, CVE-2024-20144, CVE-2024-20145). These vulnerabilities could lead to local privilege escalation, potentially allowing attackers to gain unauthorized access to sensitive data or system functionalities.

Other vulnerabilities addressed include issues in the WLAN driver (CVE-2024-20146, CVE-2024-20148) that could lead to remote code execution and an out-of-bounds write vulnerability in the M4U subsystem (CVE-2024-20105) that could allow for local privilege escalation.

MediaTek has notified device manufacturers (OEMs) about these vulnerabilities and provided corresponding security patches. Users are strongly encouraged to check for updates from their device manufacturers and apply them as soon as possible to mitigate these security risks.

Vulnerabilities included in this bundle

Meta

[
  {
    "ref": [
      "https://corp.mediatek.com/product-security-bulletin/January-2025",
      "https://securityonline.info/cve-2024-20154-critical-rce-flaw-in-mediatek-chipsets-impacts-millions/",
      "https://infosec.exchange/@cR0w/113782274904646754",
      "https://source.android.com/docs/security/bulletin/2025-01-01"
    ]
  }
]

Author

Cédric Bonhomme
