MediaTek, HPE and Dell release advisories to inform customers about potentially serious vulnerabilities found and patched in their products.
January 7, 2025 By Ionut Arghire
Hardware makers MediaTek, HPE and Dell on Monday released advisories to inform customers about potentially serious vulnerabilities found and patched in their products.
Taiwanese semiconductor company MediaTek announced patches for a dozen vulnerabilities, including a critical-severity flaw in the modem component of tens of chipsets that could lead to remote code execution (RCE).
Tracked as CVE-2024-20154, the issue is described as an out-of-bounds write that could be exploited when a device is connected to a rogue base station controlled by the attacker, without user interaction.
MediaTek’s advisory also details seven high-severity bugs that could lead to local escalation of privilege, or RCE if the attacker is adjacent to the vulnerable device.
Dell announced patches for a high-severity defect in its Update Package (DUP) Framework, tracked as CVE-2025-22395 and described as a local escalation of privilege issue that could enable the execution of arbitrary scripts, leading to denial-of-service (DoS) conditions. DUP framework version 22.01.02 resolves the vulnerability.
