About CVE-2024-20084 and CVE-2024-20085: MediaTek’s System-on-Chip Design weakness (2nd Sep 2024)

Preface: When an out-of-bounds read occurs, typically the product has already made a separate mistake, such as modifying an index or performing pointer arithmetic that produces an out-of-bounds address.

Background: MediaTek JPEG Decoder is the JPEG decode hardware present in MediaTek SoCs. The jpeg decoder hardware device node which should be added as subnodes to the main jpeg node.

IOMMU is the so-called SMMU, which can organize discontinuous physical memory into a continuous virtual memory (this makes sense for many drivers).

Vulnerability details:

CVE-2024-20084 – In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-20085 – In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Official announcement: Please refer to the vendor announcement for details – https://corp.mediatek.com/product-security-bulletin/September-2024

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.