CVE-2024-20123

MEDIUM

vdec - Info Disclosure

Title source: llm

Description

In vdec, there is a possible out of bounds read due to improper structure design. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09008925; Issue ID: MSV-1569.

References (1)

Core 1

Core References

Vendor Advisory

https://corp.mediatek.com/product-security-bulletin/November-2024

Scores

CVSS v3 4.4

EPSS 0.0003

EPSS Percentile 10.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-125

Status published

Products (1)

google/android 12.0

Published Nov 04, 2024

Tracked Since Feb 18, 2026