Login Sign Up

CVE-2024-20120

6.7 MEDIUM

📋 TL;DR

CVE-2024-20120 is an out-of-bounds write vulnerability in KeyInstall that allows local privilege escalation to System level without user interaction. This affects MediaTek devices with vulnerable firmware. Attackers with initial access can exploit this to gain full system control.

💻 Affected Systems

Products:
  • MediaTek devices with KeyInstall component
Versions: Specific firmware versions not detailed in advisory; check MediaTek bulletin for affected versions
Operating Systems: Android-based systems using MediaTek chipsets
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices using MediaTek chipsets with vulnerable KeyInstall implementation. Requires System execution privileges for exploitation.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to install persistent malware, steal sensitive data, or disable security controls.

🟠

Likely Case

Local attackers escalate privileges to install additional malware, maintain persistence, or bypass security restrictions.

🟢

If Mitigated

Limited impact if proper application sandboxing and privilege separation are enforced, though kernel-level access remains possible.

🌐 Internet-Facing: LOW - Requires local access; not directly exploitable over network.
🏢 Internal Only: HIGH - Malicious insiders or compromised accounts can exploit this for full system control.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and System execution privileges. No user interaction needed once initial access obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply patch ID: ALPS08956986

Vendor Advisory: https://corp.mediatek.com/product-security-bulletin/November-2024

Restart Required: Yes

Instructions:

1. Check device firmware version
2. Contact device manufacturer for updated firmware
3. Apply firmware update containing patch ALPS08956986
4. Reboot device

🔧 Temporary Workarounds

Restrict local access

all

Limit physical and remote local access to vulnerable devices

Application sandboxing

android

Enforce strict application isolation to limit privilege escalation impact

🧯 If You Can't Patch

  • Isolate affected devices on separate network segments
  • Implement strict access controls and monitoring for privileged operations

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against MediaTek security bulletin or contact manufacturer

Check Version:

Check device settings > About phone > Build number or firmware version

Verify Fix Applied:

Verify patch ALPS08956986 is applied in firmware version details

📡 Detection & Monitoring

Log Indicators:

  • Unusual privilege escalation attempts
  • Suspicious KeyInstall process activity
  • Unexpected system-level process execution

Network Indicators:

  • Not applicable - local exploitation only

SIEM Query:

Process creation events with parent-child privilege escalation patterns involving system processes

📊 Metadata

CVE ID: CVE-2024-20120
CVSS v3 Score: 6.7 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: November 4, 2024
Last Updated: April 22, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-20120, you might also want to check these:

CVE-2019-5684 10.0

This vulnerability in NVIDIA Windows GPU Display Drivers allows specially crafted DirectX shaders to...

Same vulnerability type (CWE-787)
CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2018-6692 10.0

This vulnerability allows remote attackers to execute arbitrary code on Belkin Wemo Insight Smart Pl...

Same vulnerability type (CWE-787)