CVE-2024-20018
Description
In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00348479; Issue ID: MSV-1019.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An out-of-bounds write in the MediaTek wlan driver, caused by improper input validation, allows local escalation of privilege without user interaction.
Vulnerability
An out-of-bounds write vulnerability exists in the MediaTek wlan driver due to improper input validation [1]. This affects chipsets including MT6890, MT7622, MT7915, MT7916, MT7981, MT7986, and others, with associated software versions such as SDK 7.4.0.1 and before (for MT7622 and MT7915) and SDK 7.6.7.0 and before (for additional chipsets). The issue is identified by Patch ID WCNCR00348479 and Issue ID MSV-1019.
Exploitation
Exploitation requires no user interaction and no special execution privileges. An attacker with local access can trigger the out-of-bounds write by supplying crafted input to the wlan driver. No network access or authentication is needed beyond local ability to interact with the driver.
Impact
Successful exploitation allows an attacker to perform an out-of-bounds write, potentially leading to local escalation of privilege. The attacker could gain elevated privileges on the device, compromising confidentiality, integrity, and availability.
Mitigation
MediaTek has released security patches for this vulnerability in the March 2024 Product Security Bulletin [1]. Device OEMs have been notified and should apply the corresponding updates. Users should install updates from their device manufacturer as they become available.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2
- MediaTek, Inc./MT7615v5 Range: SDK version 5.1.0.0 and before
Patches
0
No patches discovered yet.
References
1
News mentions
0
No linked articles in our index yet.