Preface: When an out-of-bounds read occurs, typically the product has already made a separate mistake, such as modifying an index or performing pointer arithmetic that produces an out-of-bounds address.
Background: MediaTek JPEG Decoder is the JPEG decode hardware present in MediaTek SoCs. The jpeg decoder hardware device node which should be added as subnodes to the main jpeg node.
IOMMU is the so-called SMMU, which can organize discontinuous physical memory into a continuous virtual memory (this makes sense for many drivers).
Vulnerability details:
CVE-2024-20084 – In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-20085 – In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Official announcement: Please refer to the vendor announcement for details – https://corp.mediatek.com/product-security-bulletin/September-2024