A series of security vulnerabilities has been identified in MediaTek chipsets, affecting several Android versions and other related software platforms.
MediaTek leads the market in powering Android tablets and smart-feature phones and ranks as the world’s second-largest provider of smartphone chipsets with 1.5 billion active Android devices.
Known for integrating advanced 5G, AI, imaging, connectivity, and gaming technologies, MediaTek delivers high-performance solutions that enhance user experiences across a wide range of devices globally.
The vulnerabilities, detailed in a recent security bulletin, present significant risks, including escalation of privilege and denial-of-service attacks.
One of the most critical vulnerabilities, identified as CVE-2024-20125, pertains to an out-of-bounds write in the vdec component. This flaw could potentially lead to a local escalation of privilege, allowing attackers to gain system execution privileges without the need for user interaction.
“In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation,” MediaTek stated in its security bulletin.
Affected chipsets include MT6580, MT6761, MT6765, MT6768, and many others. This vulnerability impacts devices running on Android 13.0 and 14.0.
Several medium severity vulnerabilities have been identified:
CVE ID | Description | Impact | Affected Chipsets | Affected Android Versions |
---|---|---|---|---|
CVE-2024-20129 | Out-of-bounds read in the Telephony component. | Remote Denial of Service | MT6580, MT6739, MT6761 and more | 13.0, 14.0, 15.0 |
CVE-2024-20128 | Out-of-bounds read in the Telephony component. | Remote Denial of Service | MT6580, MT6739, MT6761 and more | 13.0, 14.0, 15.0 |
CVE-2024-20127 | Out-of-bounds read in the Telephony component. | Remote Denial of Service | MT6580, MT6739, MT6761 and more | 13.0, 14.0, 15.0 |
CVE-2024-20130 | Stack overflow in the power component. | Local Escalation of Privilege | MT6739, MT6761 | 14.0, 15.0 |
CVE-2024-20131 | Out-of-bounds write in the Modem component. | Local Privilege Escalation | Modem NR16 versions | – |
CVE-2024-20132 | Out-of-bounds write in the Modem component. | Local Privilege Escalation | Modem NR16 versions | – |
CVE-2024-20133 | Out-of-bounds write in the ril component. | Local Privilege Escalation | Modem NR16 versions | – |
CVE-2024-20134 | Out-of-bounds write in the ril component. | Local Privilege Escalation | Modem NR16 versions | – |
CVE-2024-20135 | Out-of-bounds write in the soundtrigger component. | Privilege Escalation | Multiple chipsets | 14.0, 15.0 |
Additional vulnerabilities extend beyond Android, affecting platforms such as openWRT, Yocto, and RDK-B:
- CVE-2024-20136: An out-of-bounds read in DA could lead to local information disclosure, affecting a wide range of chipsets and software versions, including openWRT 19.07 and Yocto 4.0.
- CVE-2024-20137, CVE-2024-20138, and CVE-2024-20139: Issues in wlan and Bluetooth components could lead to client disconnection and information disclosure, affecting SDK releases and other platforms.
Response and Recommendations
MediaTek has acknowledged these vulnerabilities and urges organizations to update affected systems immediately. The company has provided a reporting mechanism on its website for users to disclose any additional findings.
We advise device OEMs to contact their respective MediaTek representatives for further assistance.
This bulletin serves as a crucial reminder for continuous monitoring and updating of system software to protect against potential security breaches.