CVE-2024-20040

In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08360153 (for MT6XXX chipsets) / WCNCR00363530 (for MT79XX chipsets); Issue ID: MSV-979.

Published: Apr 1, 2024
Updated: Apr 2, 2024
CVE: CVE-2024-20040
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
linuxfoundation / yocto	3.3	3.3.x
linuxfoundation / yocto	4.0	4.0.x
rdkcentral / rdk-b	2022q3	2022q3.x
google / android	12.0	12.0.x
google / android	13.0	13.0.x
google / android	14.0	14.0.x
linux / linux_kernel	4.19	4.19.x
openwrt / openwrt	19.07.0	19.07.0.x
openwrt / openwrt	21.02.0	21.02.0.x

https://corp.mediatek.com/product-security-bulletin/April-2024

Vulnerability Database

289,697

CVE-2024-20040