CVE-2024-20019 - Vulnerability Details - OpenCVE

In wlan driver, there is a possible memory leak due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00351241; Issue ID: MSV-1173.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mediatek	Mt7925 Mt7927 Software Package

Configuration 1 [-]

AND

cpe:2.3:a:mediatek:software_package:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:mediatek:mt7925:-:::::::*
	cpe:2.3:h:mediatek:mt7927:-:::::::*

No data.

References

Link	Providers
https://corp.mediatek.com/product-security-bulletin/March-2024

History

Mon, 05 May 2025 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mediatek Mediatek mt7925 Mediatek mt7927 Mediatek software Package
CPEs		cpe:2.3:a:mediatek:software_package:::::::: cpe:2.3:h:mediatek:mt7925:-:::::::* cpe:2.3:h:mediatek:mt7927:-:::::::*
Vendors & Products		Mediatek Mediatek mt7925 Mediatek mt7927 Mediatek software Package

MITRE

Status: PUBLISHED

Assigner: MediaTek

Published: 2024-03-04T02:43:27.661Z

Updated: 2024-08-01T21:52:31.569Z

Reserved: 2023-11-02T13:35:35.150Z

Link: CVE-2024-20019

Vulnrichment

Updated: 2024-08-01T21:52:31.569Z

NVD

Status : Analyzed

Published: 2024-03-04T03:15:07.060

Modified: 2025-05-05T17:54:32.670

Link: CVE-2024-20019

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-20019", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "state": "PUBLISHED", "assignerShortName": "MediaTek", "dateReserved": "2023-11-02T13:35:35.150Z", "datePublished": "2024-03-04T02:43:27.661Z", "dateUpdated": "2024-08-01T21:52:31.569Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", "dateUpdated": "2024-03-04T02:43:27.661Z"}, "descriptions": [{"lang": "en", "value": "In wlan driver, there is a possible memory leak due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00351241; Issue ID: MSV-1173."}], "affected": [{"vendor": "MediaTek, Inc.", "product": "MT7925, MT7927", "versions": [{"version": "SW package release 2023.11.10 and before", "status": "affected"}]}], "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/March-2024"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Denial of Service"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "affected": [{"vendor": "mediatek", "product": "mt7927", "cpes": ["cpe:2.3:h:mediatek:mt7927:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2023.11.10", "versionType": "custom"}]}, {"vendor": "mediatek", "product": "mt7925", "cpes": ["cpe:2.3:h:mediatek:mt7925:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "-0", "status": "affected", "lessThan": "2023.11.10", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-03-04T14:17:28.244767Z", "id": "CVE-2024-20019", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-23T18:26:39.751Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:52:31.569Z"}, "title": "CVE Program Container", "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/March-2024", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/March-2024", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:52:31.569Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-20019", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-04T14:17:28.244767Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:mediatek:mt7927:-:*:*:*:*:*:*:*"], "vendor": "mediatek", "product": "mt7927", "versions": [{"status": "affected", "version": "0", "lessThan": "2023.11.10", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mediatek:mt7925:-:*:*:*:*:*:*:*"], "vendor": "mediatek", "product": "mt7925", "versions": [{"status": "affected", "version": "-0", "lessThan": "2023.11.10", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-13T16:56:31.532Z"}}], "cna": {"affected": [{"vendor": "MediaTek, Inc.", "product": "MT7925, MT7927", "versions": [{"status": "affected", "version": "SW package release 2023.11.10 and before"}]}], "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/March-2024"}], "descriptions": [{"lang": "en", "value": "In wlan driver, there is a possible memory leak due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00351241; Issue ID: MSV-1173."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Denial of Service"}]}], "providerMetadata": {"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", "dateUpdated": "2024-03-04T02:43:27.661Z"}}}, "cveMetadata": {"cveId": "CVE-2024-20019", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:52:31.569Z", "dateReserved": "2023-11-02T13:35:35.150Z", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "datePublished": "2024-03-04T02:43:27.661Z", "assignerShortName": "MediaTek"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mediatek:software_package:*:*:*:*:*:*:*:*", "matchCriteriaId": "D187DAB0-15AD-4FC1-A645-92B0942C0559", "versionEndIncluding": "2023.11.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt7925:-:*:*:*:*:*:*:*", "matchCriteriaId": "27CFC9DF-2F4C-469A-8A19-A260B1134CFE", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt7927:-:*:*:*:*:*:*:*", "matchCriteriaId": "05525018-AFE0-415C-A71C-A77922C7D637", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In wlan driver, there is a possible memory leak due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00351241; Issue ID: MSV-1173."}, {"lang": "es", "value": "En el controlador WLAN, existe una posible p\u00e9rdida de memoria debido a un manejo inadecuado de la entrada. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: WCNCR00351241; ID del problema: MSV-1173."}], "id": "CVE-2024-20019", "lastModified": "2025-05-05T17:54:32.670", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-03-04T03:15:07.060", "references": [{"source": "security@mediatek.com", "tags": ["Vendor Advisory"], "url": "https://corp.mediatek.com/product-security-bulletin/March-2024"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://corp.mediatek.com/product-security-bulletin/March-2024"}], "sourceIdentifier": "security@mediatek.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}