CVE-2024-20080

In gnss service, there is a possible escalation of privilege due to improper certificate validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08720039; Issue ID: MSV-1424.

Published: Jul 1, 2024
Updated: Jul 2, 2024
CVE: CVE-2024-20080
Exploit:

No technical information available.

CWEs:

CWE-295

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
linuxfoundation / yocto	2.6	2.6.x
linuxfoundation / yocto	3.3	3.3.x
linuxfoundation / yocto	4.0	4.0.x
rdkcentral / rdk-b	2022q3	2022q3.x
google / android	13.0	13.0.x
google / android	14.0	14.0.x

https://corp.mediatek.com/product-security-bulletin/July-2024

Vulnerability Database

289,697

CVE-2024-20080