News: 1736173692

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

MediaTek rings in the new year with a parade of chipset vulns

(2025/01/06)


MediaTek kicked off the first full working week of the new year by disclosing a bevy of security vulnerabilities, including a critical remote code execution bug affecting 51 chipsets.

The fabless semiconductor biz gave the RCE a "critical" severity assessment but didn't provide a specific rating after running it through the CVSS frameworks, so it could be anywhere between nine and ten.

Tracked as CVE-2024-20154, it's a stack overflow issue in affected chipsets' modems, one that leads to RCE if an affected device connects to an attacker-controlled base station. A successful attack doesn't require the attacker to acquire any additional privileges, nor does it depend on user interaction.

[1]

The list of affected chipsets is long and includes ones for use in cars, smartphones, IoT devices, and Chromebooks.

[2]

[3]

The number of software versions is much smaller, however:

Modem LR12A

Modem LR13

Modem NR15

Modem NR16.R1.MP

Modem NR16.R1.MP1MP2.MP

Modem NR16.R2.MP

MediaTek said device manufacturers were all told about the issues and accompanying patches at least two months prior to today's disclosure, so all the vulnerabilities in the [4]vendor's advisory should be fixed by now.

Of those vulnerabilities, seven were assessed to be "high" severity and five were given "medium" status.

[5]As Arm rivals cook up custom silicon, Mediatek sticks to tried-and-true Cortex recipe

[6]US DoJ wades into Realtek lawsuit that accuses MediaTek of patent abuse

[7]MediaTek enters the 4th Dimensity with 3nm octa-core 9400 smartphone brains

[8]Rivals and legal action cast shadows over Windows on Arm market

The high-severity bugs included a mix of RCE and elevation of privilege issues, all affecting multiple chipsets, while the medium-severity vulnerabilities led to denial of service and information disclosure.

MediaTek's reported expansion

As the list of chipsets affected by CVE-2024-20154 affirms, MediaTek's chips aren't just used in mobile and IoT devices - markets in which the Taiwanese company among the leaders - but in Chromebooks too.

MediaTek is also reportedly working on entering the PC chip market, insiders told [9]Reuters last year, with its first Arm designed units expected at sometime in 2025, although the vendor hasn't confirmed anything publicly.

Recent product diversification efforts have seen MediaTek's chips target the AIoT market. Its Genio platform, launched in 2022, is one example of this. But with Qualcomm's exclusive Windows on Arm deal, established in 2016, expiring in 2024 – as [10]confirmed by Arm CEO Rene Haas almost a year ago to the day – other vendors like MediaTek, Nvidia, and AMD are poised to get in on the act with their own AI-ready chips.

[11]

The Register approached MediaTek for a response to these reports, but it didn't immediately respond. ®

Get our [12]Tech Resources



[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z3wMNB54Ytz0ztFCF7XtRAAAAAY&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z3wMNB54Ytz0ztFCF7XtRAAAAAY&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z3wMNB54Ytz0ztFCF7XtRAAAAAY&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[4] https://corp.mediatek.com/product-security-bulletin/January-2025

[5] https://www.theregister.com/2024/10/22/arm_custom_silicon_interview/

[6] https://www.theregister.com/2024/10/09/doj_intervenes_realtek_mediatek/

[7] https://www.theregister.com/2024/10/09/mediatek_dimensity_9400/

[8] https://www.theregister.com/2024/06/12/windows_on_arm_market/

[9] https://www.reuters.com/technology/mediatek-designs-arm-based-chip-microsofts-ai-laptops-say-sources-2024-06-11/

[10] https://stratechery.com/2024/an-interview-with-arm-ceo-rene-haas/

[11] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z3wMNB54Ytz0ztFCF7XtRAAAAAY&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[12] https://whitepapers.theregister.com/



AIoT

TimMaher

Oh $deity. What a combination.

Absent Intelligence meets Internet of Twats.

I’ll get my coat as there has to be somewhere safer to move to.

"MediaTek said device manufacturers were all told about the issues"...

Mentat74

"and accompanying patches at least two months prior to today's disclosure"...

And how many of these devices were actually patched in this short window of time ?

Re: "MediaTek said device manufacturers were all told about the issues"...

Anonymous Coward

Especially when MediaTek chips tend to be used in lower end devices.

Re: "MediaTek said device manufacturers were all told about the issues"...

b0llchit

Well then, it must be the really cheapo cars that will be RCE controlled then (emphasis mine):

The list of affected chipsets is long and includes ones for use in cars , smartphones, IoT devices, and Chromebooks.

I don't want my car connected to anything remote. Luckily, I don't own a car, so I guess that works out well then. But, if I would, I'd buy an old one without any of the connectivity "features" that can be hacked and are tracking you all the time.

Introducing, the 1010, a one-bit processor.

INSTRUCTION SET
Code Mnemonic What
0 NOP No Operation
1 JMP Jump (address specified by next 2 bits)

Now Available for only 12 1/2 cents!