CVE-2024-20107

6.2 MEDIUM

📋 TL;DR

CVE-2024-20107 is an out-of-bounds read vulnerability in MediaTek's da component that allows local attackers to read memory beyond allocated buffers without authentication or user interaction. This leads to information disclosure of potentially sensitive data. The vulnerability affects devices using MediaTek chipsets with the vulnerable da component.

💻 Affected Systems

Products:
  • MediaTek chipset-based devices (smartphones, tablets, IoT devices)
Versions: Specific versions not publicly detailed; firmware without patch ALPS09124360 is affected
Operating Systems: Android (MediaTek-specific implementations)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is in MediaTek's proprietary da component; exact device models depend on chipset and firmware versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could read sensitive kernel memory, potentially exposing cryptographic keys, passwords, or other protected data that could facilitate further attacks.

🟠 Likely Case

Local information disclosure where an attacker with physical or shell access can read adjacent memory contents, potentially exposing system information or application data.

🟢 If Mitigated

With proper access controls and SELinux/app sandboxing, impact is limited to reading non-sensitive memory regions within the da process context.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring execution on the device; it cannot be exploited remotely over the network.
🏢 Internal Only: MEDIUM - Local attackers with shell access or malicious apps could exploit this to gather system information, but doing so requires local code execution.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local code execution. It involves no authentication bypass, and no user interaction is needed once code is running.

🛠️ Fix & Mitigation

✅ Official Fix

Patch ID: ALPS09124360

Vendor Advisory: https://corp.mediatek.com/product-security-bulletin/November-2024

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware updates.
2. Apply MediaTek-provided patch ALPS09124360.
3. Update device firmware through official channels.
4. Reboot device after update.

🔧 Temporary Workarounds

Restrict da component permissions

Limit the da component's capabilities and memory access through SELinux policies or app sandboxing.

# Requires custom SELinux policy modifications
# Consult device manufacturer for specific policy adjustments

🧯 If You Can't Patch

  • Implement strict access controls to prevent unauthorized local code execution
  • Monitor for suspicious local process activity and memory access patterns

🔍 How to Verify

Check if Vulnerable:

Check device firmware version and patch level; consult manufacturer for specific vulnerability status

Check Version:

# Device-specific; typically in Settings > About Phone > Build Number

Verify Fix Applied:

Verify patch ALPS09124360 is applied in firmware version details

📡 Detection & Monitoring

Log Indicators:

  • Unusual da process memory access patterns
  • SELinux denials related to da component

Network Indicators:

  • None - local vulnerability only

SIEM Query:

process_name:"da" AND memory_access:anomalous
