CVE-2024-20128

7.5 HIGH

📋 TL;DR

This CVE describes an out-of-bounds read vulnerability in MediaTek telephony components that could allow remote denial of service attacks without user interaction. The vulnerability affects devices using MediaTek chipsets with vulnerable telephony firmware. Attackers could potentially crash telephony services remotely.

💻 Affected Systems

Products:
  • MediaTek chipset-based devices with telephony functionality
Versions: Specific firmware versions not detailed in CVE; refer to MediaTek advisory for affected versions
Operating Systems: Android and other OS using MediaTek telephony components
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices using MediaTek chipsets with the vulnerable telephony firmware. Exact device models depend on manufacturer implementation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote attackers could cause persistent denial of service to telephony functions, potentially disrupting voice calls, SMS, and mobile data services on affected devices.

🟠 Likely Case

Temporary disruption of telephony services that requires a device reboot to restore functionality, with potential for repeated attacks.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to denial of service within controlled network segments.

🌐 Internet-Facing: HIGH - No authentication required and no user interaction needed for exploitation, making internet-exposed devices vulnerable to remote attacks.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this to disrupt telephony services within the network, but requires network access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

No authentication or user interaction required. Exploitation likely involves sending specially crafted telephony protocol packets.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware with patch ID ALPS09289881

Vendor Advisory: https://corp.mediatek.com/product-security-bulletin/December-2024

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates.
2. Apply MediaTek-provided firmware patch ALPS09289881.
3. Reboot device after patch installation.
4. Verify patch installation through version checking.

🔧 Temporary Workarounds

Network segmentation

all

Isolate devices from untrusted networks to prevent remote exploitation

Firewall restrictions

all

Block unnecessary telephony protocol ports from untrusted sources

🧯 If You Can't Patch

  • Isolate affected devices in separate network segments with strict access controls
  • Implement network monitoring for telephony service disruptions and anomalous traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against MediaTek advisory; devices with pre-patch firmware are vulnerable

Check Version:

Device-specific commands vary by manufacturer; typically in Settings > About Phone > Build Number

Verify Fix Applied:

Verify firmware version includes patch ID ALPS09289881 and test telephony functionality

📡 Detection & Monitoring

Log Indicators:

  • Telephony service crashes
  • Modem/radio subsystem restarts
  • Unexpected telephony process terminations

Network Indicators:

  • Anomalous telephony protocol traffic patterns
  • Unexpected connection attempts to telephony ports

SIEM Query:

(source="telephony" AND (event="crash" OR event="restart")) OR (dest_port IN (telephony_ports) AND protocol_anomaly=true)
