MediaTek, one of the world’s largest semiconductor companies, has disclosed a series of security vulnerabilities in its chipsets that could allow attackers to execute remote code on affected devices.
These vulnerabilities impact a wide range of products, including smartphones, tablets, AIoT devices, smart displays, TVs, and other platforms powered by MediaTek processors.
The vulnerabilities were detailed in the latest MediaTek Product Security Bulletin and categorized using the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).
Among the identified issues, one critical flaw tracked as CVE-2024-20154 stands out for its potential to enable remote code execution (RCE), posing a severe risk to user privacy and device security.
The critical vulnerability, CVE-2024-20154, could allow attackers to remotely exploit devices by executing arbitrary code. This type of exploit is particularly dangerous as it can provide attackers with full control over a device without requiring physical access.
Cyberattacks often use such to steal sensitive data, install malware, or disrupt device functionality.
In addition to the critical flaw, MediaTek identified several high-severity vulnerabilities (e.g., CVE-2024-20140 and CVE-2024-20143) and medium-severity issues (e.g., CVE-2024-20149 and CVE-2024-20150).
These vulnerabilities collectively affect various components of MediaTek-powered devices, including audio processing units and AI-enhanced functionalities.