VYPR
← All advisories
Unrated severityNVD Advisory· Published Feb 5, 2024· Updated May 9, 2025

CVE-2024-20012

CVE-2024-20012

Description

In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358566; Issue ID: ALPS08358566.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Type confusion in MediaTek keyInstall allows local escalation of privilege with System execution privileges.

Vulnerability

In keyInstall, a type confusion vulnerability exists that can lead to local escalation of privilege. The issue affects MediaTek chipsets and software versions covered in the February 2024 security bulletin [1]. The exact affected chipset list is not detailed in the available references, but the bulletin indicates that patches are provided for supported platforms.

Exploitation

An attacker must already have System execution privileges on the device. No user interaction is required. The attacker can trigger the type confusion in the keyInstall function to escalate privileges further, potentially gaining higher-level access.

Impact

Successful exploitation allows an attacker with System privileges to escalate to a higher privilege level, likely kernel or root, leading to full compromise of the device's security controls.

Mitigation

MediaTek has released a patch identified as ALPS08358566 as part of the February 2024 Product Security Bulletin [1]. Device OEMs have been notified and are expected to distribute the fix to end users. Users should apply the latest security updates from their device manufacturer.

References
  1. February 2024

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Mediatek/keyInstallllm-fuzzy
  • MediaTek, Inc./MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6895, MT6983, MT6985, MT8321, MT8385, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798v5
    Range: Android 12.0, 13.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.