Common Weakness Enumeration

CWE-1332

Allowed

Improper Handling of Faults that Lead to Instruction Skips

Abstraction: Base · Status: Stable

The device is missing or incorrectly implements circuitry or sensors that detect and mitigate the skipping of security-critical CPU instructions when they occur.

5 vulnerabilities reference this CWE, most recent first.

CVE-2024-20060 (GCVE-0-2024-20060)

Vulnerability from cvelistv5 – Published: 2024-05-06 02:51 – Updated: 2025-03-20 20:54
VLAI
Summary
In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID: ALPS08541754.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-1332 - Improper Handling of Faults that Lead to Instruction Skips
Assigner
Impacted products
Vendor Product Version
MediaTek, Inc. MT6580, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT6989, MT8188, MT8370, MT8390 Affected: Android 12.0, 13.0, 14.0
Create a notification for this product.
mediatek mt6580 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6739 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6761 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6765 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6768 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:a:mediatek:mt6768:*:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6781 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6789 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6833 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6835 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6853 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6855 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6877 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6879 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6883 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6885 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6886 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6889 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6893 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6895 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6983 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6985 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6989 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8188 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8390 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6580",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6739",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6761",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6765",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mediatek:mt6768:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6768",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6781",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6789",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6833",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6835",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6853",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6855",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6877",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6879",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6883",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6885",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6886",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6889",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6893",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6895",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6983",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6985",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6989",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8188",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8390",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "LOW",
              "baseScore": 5.9,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-20060",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-07T19:10:57.898401Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-20T20:54:59.547Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:52:31.597Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://corp.mediatek.com/product-security-bulletin/May-2024"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MT6580, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT6989, MT8188, MT8370, MT8390",
          "vendor": "MediaTek, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "Android 12.0, 13.0, 14.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID: ALPS08541754."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1332",
              "description": "CWE-1332 Improper Handling of Faults that Lead to Instruction Skips",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-06T02:51:57.024Z",
        "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "shortName": "MediaTek"
      },
      "references": [
        {
          "url": "https://corp.mediatek.com/product-security-bulletin/May-2024"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
    "assignerShortName": "MediaTek",
    "cveId": "CVE-2024-20060",
    "datePublished": "2024-05-06T02:51:57.024Z",
    "dateReserved": "2023-11-02T13:35:35.162Z",
    "dateUpdated": "2025-03-20T20:54:59.547Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-20059 (GCVE-0-2024-20059)

Vulnerability from cvelistv5 – Published: 2024-05-06 02:51 – Updated: 2025-03-19 13:48
VLAI
Summary
In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID: ALPS08541749.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-1332 - Improper Handling of Faults that Lead to Instruction Skips
Assigner
Impacted products
Vendor Product Version
MediaTek, Inc. MT6580, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT6989, MT8188, MT8370, MT8390 Affected: Android 12.0, 13.0, 14.0
Create a notification for this product.
mediatek mt6580 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6739 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6761 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6765 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6768 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:a:mediatek:mt6768:*:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6781 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6789 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6833 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6835 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6853 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6855 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6877 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6879 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6883 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6885 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6886 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6889 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6893 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6895 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6983 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6985 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt6989 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8188 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*
Create a notification for this product.
mediatek mt8390 Affected: android_12.0 , ≤ android_14.0 (custom)
    cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6580",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6739",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6761",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6765",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mediatek:mt6768:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6768",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6781",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6789",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6833",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6835",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6853",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6855",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6877",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6879",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6883",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6885",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6886",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6889",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6893",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6895",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6983",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6985",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt6989",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8188",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mt8390",
            "vendor": "mediatek",
            "versions": [
              {
                "lessThanOrEqual": "android_14.0",
                "status": "affected",
                "version": "android_12.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6.7,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-20059",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-09T20:12:52.079441Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-19T13:48:02.607Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:52:31.945Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://corp.mediatek.com/product-security-bulletin/May-2024"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MT6580, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT6989, MT8188, MT8370, MT8390",
          "vendor": "MediaTek, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "Android 12.0, 13.0, 14.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID: ALPS08541749."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1332",
              "description": "CWE-1332 Improper Handling of Faults that Lead to Instruction Skips",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-06T02:51:55.410Z",
        "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "shortName": "MediaTek"
      },
      "references": [
        {
          "url": "https://corp.mediatek.com/product-security-bulletin/May-2024"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
    "assignerShortName": "MediaTek",
    "cveId": "CVE-2024-20059",
    "datePublished": "2024-05-06T02:51:55.410Z",
    "dateReserved": "2023-11-02T13:35:35.162Z",
    "dateUpdated": "2025-03-19T13:48:02.607Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-2FHM-PCV6-VCX9

Vulnerability from github – Published: 2025-07-22 21:31 – Updated: 2025-11-03 21:34
VLAI
Details

On arm64, a WASM br_table instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-8028"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1332"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-22T21:15:49Z",
    "severity": "CRITICAL"
  },
  "details": "On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 115.26, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1.",
  "id": "GHSA-2fhm-pcv6-vcx9",
  "modified": "2025-11-03T21:34:10Z",
  "published": "2025-07-22T21:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8028"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1971581"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00016.html"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-56"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-57"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-58"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-59"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-61"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-62"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-63"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3J75-RQ9M-PXRV

Vulnerability from github – Published: 2024-05-06 03:30 – Updated: 2025-03-20 21:31
VLAI
Details

In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID: ALPS08541754.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-20060"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1332"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-06T03:15:09Z",
    "severity": "MODERATE"
  },
  "details": "In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID: ALPS08541754.",
  "id": "GHSA-3j75-rq9m-pxrv",
  "modified": "2025-03-20T21:31:41Z",
  "published": "2024-05-06T03:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20060"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/May-2024"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MM6W-VPGV-7HXR

Vulnerability from github – Published: 2024-05-06 03:30 – Updated: 2025-03-19 15:31
VLAI
Details

In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID: ALPS08541749.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-20059"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1332"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-06T03:15:09Z",
    "severity": "MODERATE"
  },
  "details": "In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID: ALPS08541749.",
  "id": "GHSA-mm6w-vpgv-7hxr",
  "modified": "2025-03-19T15:31:38Z",
  "published": "2024-05-06T03:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20059"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/May-2024"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Design strategies for ensuring safe failure if inputs, such as Vcc, are modified out of acceptable ranges.

Mitigation
Architecture and Design

Design strategies for ensuring safe behavior if instructions attempt to be skipped.

Mitigation
Architecture and Design

Identify mission critical secrets that should be wiped if faulting is detected, and design a mechanism to do the deletion.

Mitigation
Implementation

Add redundancy by performing an operation multiple times, either in space or time, and perform majority voting. Additionally, make conditional instruction timing unpredictable.

Mitigation
Implementation

Use redundant operations or canaries to detect and respond to faults.

Mitigation
Implementation

Ensure that fault mitigations are strong enough in practice. For example, a low power detection mechanism that takes 50 clock cycles to trigger at lower voltages may be an insufficient security mechanism if the instruction counter has already progressed with no other CPU activity occurring.

CAPEC-624: Hardware Fault Injection

The adversary uses disruptive signals or events, or alters the physical environment a device operates in, to cause faulty behavior in electronic devices. This can include electromagnetic pulses, laser pulses, clock glitches, ambient temperature extremes, and more. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information.

CAPEC-625: Mobile Device Fault Injection

Fault injection attacks against mobile devices use disruptive signals or events (e.g. electromagnetic pulses, laser pulses, clock glitches, etc.) to cause faulty behavior. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information. Although this attack usually requires physical control of the mobile device, it is non-destructive, and the device can be used after the attack without any indication that secret keys were compromised.