PT-2024-9220 · Google · Android

Published: 2024-11-03 · Updated: 2024-11-04 · CVE-2024-20104

CVSS v3.1: 8.4 (High)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: MediaTek microchip software (affected versions not specified); Android versions 12.0 through 15.0; OpenWrt versions 19.07 through 23.05; Yocto version 4.0; RDK-B versions 22Q3 through 24Q1.
Description: The issue is related to an out-of-bounds write in the DA due to a missing bounds check, which could lead to local escalation of privilege with no additional execution privileges needed. User interaction is required for exploitation.
Recommendations: For MediaTek microchip software, there is currently no information about a newer version that contains a fix for this vulnerability. For Android versions 12.0 through 15.0, consider applying the patch with ID ALPS09073261 to resolve the issue. For OpenWrt versions 19.07 through 23.05, restrict access to the DA until a patch is available. For Yocto version 4.0, avoid using the vulnerable DA module until the issue is resolved. For RDK-B versions 22Q3 through 24Q1, as a temporary workaround, consider disabling the DA functionality until a patch is available.

Memory Corruption

Weakness Enumeration

Related Identifiers

ASB-A-363850556
BDU:2024-10908
CVE-2024-20104
M-ALPS09073261

Affected Products

Android
MediaTek Microchips