MediaTek disclosed a critical remote code execution vulnerability affecting 51 chipsets, which could lead to serious security risks if exploited.
The remote code execution issue, CVE-2024-20154, arises from a stack overflow in modem software that allows attacks without user interaction or privilege escalation.
The vulnerabilities span a variety of devices, including smartphones, IoT devices, and Chromebooks, indicating the widespread impact of MediaTek's security issues.
Despite the critical severity of the issues, MediaTek communicated the vulnerabilities and patches to device manufacturers two months in advance, ensuring timely remediation.
Collection
[
|
...
]