Login Sign Up

CVE-2024-20005

8.2 HIGH

📋 TL;DR

This vulnerability allows local privilege escalation on MediaTek devices due to a missing permission check in the 'da' component. Attackers can gain SYSTEM privileges without user interaction. Affects devices using MediaTek chipsets with vulnerable firmware.

💻 Affected Systems

Products:
  • MediaTek chipset-based devices (smartphones, tablets, IoT devices)
Versions: Specific firmware versions not publicly detailed; check MediaTek advisory for affected builds.
Operating Systems: Android (MediaTek-specific implementations)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with MediaTek chipsets running vulnerable firmware. Exact device models depend on OEM implementation.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise with SYSTEM privileges, allowing installation of persistent malware, data theft, and bypassing all security controls.

🟠

Likely Case

Local attackers gain elevated privileges to install malicious apps, access sensitive data, or disable security features.

🟢

If Mitigated

Limited impact if proper application sandboxing and SELinux policies are enforced, though SYSTEM access remains dangerous.

🌐 Internet-Facing: LOW - Requires local access to device, not directly exploitable over network.
🏢 Internal Only: HIGH - Malicious apps or users with physical/remote access can exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires SYSTEM execution privileges initially, suggesting it's a local escalation chain. No public exploit details available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware with patch ID ALPS08355599

Vendor Advisory: https://corp.mediatek.com/product-security-bulletin/March-2024

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates. 2. Apply MediaTek-provided patch ALPS08355599. 3. Reboot device after update. 4. Verify patch installation via build fingerprint.

🔧 Temporary Workarounds

Restrict app installations

android

Only install apps from trusted sources and disable unknown sources installation.

Enable SELinux enforcing mode

linux

Ensure SELinux is in enforcing mode to limit privilege escalation impact.

getenforce
setenforce 1

🧯 If You Can't Patch

  • Isolate affected devices from sensitive networks and data.
  • Implement application allowlisting to prevent malicious app execution.

🔍 How to Verify

Check if Vulnerable:

Check device build fingerprint against MediaTek's patched firmware list. No public CVE-specific detection command available.

Check Version:

adb shell getprop ro.build.fingerprint

Verify Fix Applied:

Verify firmware includes patch ID ALPS08355599 in build information.

📡 Detection & Monitoring

Log Indicators:

  • Unusual privilege escalation attempts in system logs
  • SELinux denials related to 'da' component

Network Indicators:

  • None - local exploitation only

SIEM Query:

Device logs showing unexpected SYSTEM privilege acquisition or daemon manipulation

📊 Metadata

CVE ID: CVE-2024-20005
CVSS v3 Score: 8.2 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE: CWE-276
Published: March 4, 2024
Last Updated: April 22, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-20005, you might also want to check these:

CVE-2025-40585 9.9

Energy Services solutions using G5DFR contain default credentials, allowing attackers to gain contro...

Same vulnerability type (CWE-276)
CVE-2023-47462 9.8

This vulnerability allows remote attackers to execute arbitrary code on GL.iNet AX1800 routers by ex...

Same vulnerability type (CWE-276)
CVE-2022-41572 9.8

CVE-2022-41572 is a privilege escalation vulnerability in EyesOfNetwork (EON) where nmap can be exec...

Same vulnerability type (CWE-276)