CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-20141

High Severity
Google
SVRS
61/100
CVSSv3
6.6/10
EPSS
0.00013/1

CVE-2024-20141 is an out-of-bounds write vulnerability affecting V5 DA, potentially leading to local privilege escalation. The missing bounds check could be exploited by an attacker with physical access to the device. Although user interaction is required, successful exploitation allows for privilege escalation without needing additional execution privileges. The SOCRadar Vulnerability Risk Score (SVRS) for CVE-2024-20141 is 61, indicating a moderate risk level requiring monitoring and potential remediation. While not deemed immediately critical by SOCRadar's standards (SVRS > 80), the presence of CWE-123 and the "In The Wild" tag highlights the active nature of this threat. Applying Patch ID ALPS09291402 is essential to mitigate the security risk. This vulnerability is significant because it offers a direct path for unauthorized privilege escalation on affected devices, emphasizing the need for diligent patch management.

TAGS
In The Wild
VECTOR STRING
CVSS:3.1
AV:P
AC:L
PR:N
UI:R
S:U
C:H
I:H
A:H
PUBLICATION DATE2025-02-03
LAST MODIFIED2025-02-03
Eye Icon
SOCRadar
AI Insight

Description

CVE-2024-20141 describes a potential out-of-bounds write vulnerability in V5 DA software. This vulnerability arises from a missing bounds check, which could allow a local attacker with physical access to the device to escalate their privileges without any additional execution privileges. User interaction is required for exploitation. While the CVSS score is 0, the SOCRadar Vulnerability Risk Score (SVRS) is 38, indicating a moderate level of risk requiring attention.

Key Insights

  • Local Exploitation: This vulnerability is exploitable only by an attacker with physical access to the device. This limits the attack surface but emphasizes the importance of physical security measures.
  • Privilege Escalation: Successful exploitation could lead to local privilege escalation, granting the attacker elevated access and control over the device.
  • User Interaction: The vulnerability requires user interaction for exploitation. This implies social engineering tactics or malicious user actions could be used to trigger the vulnerability.
  • Patch Availability: A patch (ALPS09291402) is available to address the vulnerability, highlighting the importance of timely patching and software updates.

Mitigation Strategies

  • Patching: Immediately apply the provided patch (ALPS09291402) to V5 DA software to eliminate the vulnerability.
  • Physical Security: Implement robust physical security measures to restrict unauthorized access to devices running V5 DA software.
  • User Training: Educate users about potential risks and best practices to avoid falling victim to social engineering attempts or malicious actions that could trigger the vulnerability.
  • Network Segmentation: Consider segmenting networks to isolate V5 DA devices from other critical systems, minimizing the potential impact of a successful exploit.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-20141 | MediaTek MT8893 V5 DA write-what-where condition (MSV-2073 / ALPS09291402)
vuldb.com2025-02-03
CVE-2024-20141 | MediaTek MT8893 V5 DA write-what-where condition (MSV-2073 / ALPS09291402) | A vulnerability was found in MediaTek MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8167S, MT8175, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8678, MT8765, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798 and MT8893 and classified as problematic. This issue affects some unknown processing of the component
vuldb.com
rss
forum
news

Social Media

CVE-CVE-2024-20141: In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to —CVSS 6.6 bleeds Legal. Old bug, new chaos—don’t let this relic ruin your day! Free $500 scan—https://t.co/eoMhrefG0X #HackAlert #ThreatHunting #Cyb
0
0
0
CVE-CVE-2024-20141: In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to —CVSS 6.6 strikes Legal. Old bug, new chaos—don’t let this relic ruin your day! Free $500 scan—https://t.co/eoMhrefG0X #VulnWatch #ThreatHunting #Da
0
0
0
New post from https://t.co/uXvPWJy6tj (CVE-2024-20141 | MediaTek MT8893 V5 DA write-what-where condition (MSV-2073 / ALPS09291402)) has been published on https://t.co/SzsT6ARNZa
0
0
0
CVE-2024-20141 In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access … https://t.co/CG8QwRIbIm
0
0
0

Affected Software

Configuration 1
TypeVendorProduct
OSGoogleandroid

References

ReferenceLink
[email protected]https://corp.mediatek.com/product-security-bulletin/February-2025

CWE Details

CWE IDCWE NameDescription
CWE-123Write-what-where ConditionAny condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.
CWE-787Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence