IoT Yocto 2024 Security Bulletin Published
Product Security Bulletin contains details of security vulnerabilities affecting MediaTek IoT Yocto devices. Device OEMs should regularly review and update all the issues of the corresponding security patches before publication.
June 2024
May 2024
April 2024
CVE-2024-20055
Title |
Information disclosure in imgsys |
Severity |
Medium |
Vulnerability Type |
ID |
CWE |
CWE-200 Information Disclosure |
Description |
In imgsys, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation |
Affected Chipsets |
MT8395,MT8390,MT8370 |
References |
Commit 9a41445a |