.. spelling:word-list::

   imgsys

.. include:: /keyword.rst

=============================================
|IOT-YOCTO| 2024 Security Bulletin Published
=============================================

Product Security Bulletin contains details of security vulnerabilities affecting MediaTek |IOT-YOCTO| devices. Device OEMs should regularly review and update all the issues of the corresponding security patches before publication.

.. contents:: Sections
    :local:
    :depth: 2

December 2024
---------------

November 2024
---------------

October 2024
---------------

September 2024
---------------

August 2024
---------------

July 2024
---------------

June 2024
---------------

May 2024
---------------

April 2024
---------------

CVE-2024-20055
^^^^^^^^^^^^^^^

.. csv-table::
   :widths: 10, 30

   "Title", "Information disclosure in imgsys"
   "Severity", "Medium"
   "Vulnerability Type", "ID"
   "CWE", "CWE-200 Information Disclosure"
   "Description", "In imgsys, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation"
   "Affected Chipsets", "MT8395,MT8390,MT8370"
   "References", "Commit `9a41445a <https://gitlab.com/mediatek/aiot/bsp/mtk-camisp-driver/-/commit/9a41445a754e87a16d9fa408cda8b29f0d625413>`_ "

March 2024
---------------

February 2024
---------------

January 2024
---------------