CVE-2024-20151

6.7 MEDIUM

📋 TL;DR

CVE-2024-20151 is an out-of-bounds write vulnerability in MediaTek modem firmware that allows local privilege escalation. Attackers with initial System privilege access can exploit this to gain higher privileges without user interaction. This affects devices using vulnerable MediaTek modem chipsets.

💻 Affected Systems

Products:
  • MediaTek modem chipsets
Versions: Specific versions not publicly detailed in advisory
Operating Systems: Android and other OS using MediaTek modems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with vulnerable MediaTek modem firmware. Exact device models not specified in public advisory.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise allowing attacker to execute arbitrary code with highest privileges, potentially gaining persistent access and control over device functions.

🟠 Likely Case

Local privilege escalation enabling attackers to bypass security controls, access sensitive data, or install persistent malware on compromised devices.

🟢 If Mitigated

Limited impact if proper access controls prevent initial System privilege acquisition and device isolation is maintained.

🌐 Internet-Facing: LOW (Requires local access and initial System privilege)
🏢 Internal Only: MEDIUM (Internal attackers with System privilege could exploit this for lateral movement)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires existing System privilege access. No public exploit code available as of advisory publication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch ID: MOLY01399339

Vendor Advisory: https://corp.mediatek.com/product-security-bulletin/January-2025

Restart Required: Yes

Instructions:

1. Contact device manufacturer for firmware updates.
2. Apply MediaTek-provided modem firmware patch.
3. Reboot device after patch installation.

🔧 Temporary Workarounds

Restrict System Privilege Access

all

Limit access to System privilege to reduce attack surface

🧯 If You Can't Patch

  • Isolate affected devices from critical networks
  • Implement strict access controls to prevent initial System privilege acquisition

🔍 How to Verify

Check if Vulnerable:

Check modem firmware version against MediaTek security bulletin or contact device manufacturer

Check Version:

Device-specific commands vary by manufacturer. Typically: adb shell getprop ro.build.fingerprint or manufacturer-specific diagnostic tools.

Verify Fix Applied:

Verify patch MOLY01399339 is applied through device firmware version check

📡 Detection & Monitoring

Log Indicators:

  • Unusual modem firmware access attempts
  • Privilege escalation events in system logs

Network Indicators:

  • Anomalous modem communication patterns

SIEM Query:

Device logs showing unexpected System privilege changes or modem firmware access
