Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

mt6886

Source -

ADPNVD

CNA CVEs -

0

ADP CVEs -

58

CISA CVEs -

0

NVD CVEs -

267
Related CVEsRelated VendorsRelated AssignersReports
268Vulnerabilities found

CVE-2026-20454
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.08% / 0.17%
||
7 Day CHG~0.00%
Published-01 Jun, 2026 | 03:20
Updated-02 Jun, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In geniezone, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10873936; Issue ID: MSV-6786.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt6889_firmwaremt8765_firmwaremt6985mt6991_firmwaremt6739mt8673_firmwaremt8788mt8788_firmwaremt6886mt6761mt8798_firmwaremt6855_firmwaremt6885mt6781_firmwaremt6768mt6878mt8673mt6835_firmwaremt6893_firmwaremt6853_firmwaremt6983_firmwaremt8766_firmwaremt6885_firmwaremt6878_firmwaremt6983mt6897mt6883_firmwaremt6883mt6877mt6991mt6895mt6781mt8781mt6897_firmwaremt6989mt6765_firmwaremt8791tmt6789mt6879_firmwaremt6889mt8765mt6765mt8768_firmwaremt6768_firmwaremt6886_firmwaremt8781_firmwaremt6893mt6985_firmwaremt8768mt6899_firmwaremt6739_firmwaremt8798mt6761_firmwaremt8766mt8910_firmwaremt8786_firmwaremt8786mt8793mt6855mt6989_firmwaremt6853mt6877_firmwaremt8793_firmwaremt6835mt6789_firmwaremt8797_firmwaremt8797mt6895_firmwaremt8910mt6879mt6899mt8791t_firmwareMediaTek chipset
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2026-20453
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 1.75%
||
7 Day CHG~0.00%
Published-01 Jun, 2026 | 03:20
Updated-02 Jun, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10886526; Issue ID: MSV-6791.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt6889_firmwaremt8765_firmwaremt6985mt6991_firmwaremt6739mt8673_firmwaremt8788mt8788_firmwaremt6886mt6761mt8798_firmwaremt6855_firmwaremt6885mt6781_firmwaremt6768mt6878mt8673mt6835_firmwaremt6893_firmwaremt6853_firmwaremt6983_firmwaremt8766_firmwaremt6885_firmwaremt6878_firmwaremt6983mt6897mt6883_firmwaremt6883mt6877mt6991mt6895mt6781mt8781mt6897_firmwaremt6989mt6765_firmwaremt8791tmt6789mt6879_firmwaremt6889mt8765mt6765mt8768_firmwaremt6768_firmwaremt6886_firmwaremt8781_firmwaremt6893mt6985_firmwaremt8768mt6899_firmwaremt6739_firmwaremt8798mt6761_firmwaremt8766mt8910_firmwaremt8786_firmwaremt8786mt8793mt6855mt6989_firmwaremt6853mt6877_firmwaremt8793_firmwaremt6835mt6789_firmwaremt8797_firmwaremt8797mt6895_firmwaremt8910mt6879mt6899mt8791t_firmwareMediaTek chipset
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-20450
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 21.04%
||
7 Day CHG~0.00%
Published-04 May, 2026 | 05:41
Updated-07 May, 2026 | 12:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01753620; Issue ID: MSV-6100.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8668mt8771_firmwaremt6991_firmwaremt2737_firmwaremt6989_firmwaremt8791mt8798_firmwaremt8795t_firmwaremt6875_firmwaremt6891_firmwaremt6883mt6858mt6990_firmwaremt8798mt6853_firmwaremt8893_firmwaremt8771mt6833_firmwaremt6890_firmwaremt8793_firmwaremt6899mt6986_firmwaremt6879mt8755mt6983mt8775mt6890mt8863_firmwaremt6895_firmwaremt6833mt2735mt8668_firmwaremt6855mt2735_firmwaremt8675mt6877_firmwaremt6853mt6895mt6893mt6893_firmwaremt8792mt6885mt8793mt8883mt6877mt6879_firmwaremt8791t_firmwaremt6986mt6886mt8883_firmwaremt6875mt6897mt6891mt6990mt8755_firmwaremt8873_firmwaremt6896mt6980_firmwaremt8676mt6889_firmwaremt6883_firmwaremt6985_firmwaremt8676_firmwaremt6858_firmwaremt8775_firmwaremt8675_firmwaremt8863mt6873_firmwaremt8795tmt8673_firmwaremt6880_firmwaremt6873mt8673mt6878mt8792_firmwaremt6855_firmwaremt8893mt6899_firmwaremt6991mt8873mt6878_firmwaremt6897_firmwaremt8797_firmwaremt8678_firmwaremt6880mt6985mt6989mt6835mt6993_firmwaremt6885_firmwaremt6835_firmwaremt6886_firmwaremt6980mt6896_firmwaremt6889mt8791_firmwaremt2737mt6993mt8678mt8791tmt6983_firmwaremt8797MediaTek chipset
CWE ID-CWE-617
Reachable Assertion
CVE-2026-20449
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 13.02%
||
7 Day CHG~0.00%
Published-04 May, 2026 | 05:41
Updated-07 May, 2026 | 12:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01760138; Issue ID: MSV-6148.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8668mt6779mt6991_firmwaremt2737_firmwaremt8791mt8798_firmwaremt6875_firmwaremt6771mt6990_firmwaremt6768_firmwaremt8771mt6815_firmwaremt8755mt6765mt6890mt8863_firmwaremt6986dmt6895_firmwaremt6833mt2735mt8668_firmwaremt8675mt6877_firmwaremt6767mt6988_firmwaremt6893mt6885mt8793mt8883mt6877mt8791t_firmwaremt6815mt6886mt8883_firmwaremt6875mt6897mt6990mt8873_firmwaremt6896mt6889_firmwaremt6767_firmwaremt6858_firmwaremt8775_firmwaremt6781mt6813mt8863mt6813_firmwaremt6769mt6873_firmwaremt8673_firmwaremt6880_firmwaremt8792_firmwaremt6855_firmwaremt6789_firmwaremt6899_firmwaremt6991mt6897_firmwaremt6880mt6739_firmwaremt6985mt6785_firmwaremt6783_firmwaremt6835mt6761mt6889mt8791_firmwaremt2737mt8797mt8771_firmwaremt6989_firmwaremt6761_firmwaremt6789mt8795t_firmwaremt6891_firmwaremt6883mt6858mt8798mt6853_firmwaremt8893_firmwaremt6833_firmwaremt6769_firmwaremt6890_firmwaremt8793_firmwaremt6899mt6988mt6879mt6983mt8775mt6855mt2735_firmwaremt6853mt6895mt6893_firmwaremt8792mt6879_firmwaremt6986d_firmwaremt6891mt6783mt8755_firmwaremt6765_firmwaremt6763mt6980_firmwaremt8676mt6768mt6883_firmwaremt6985_firmwaremt6762_firmwaremt8676_firmwaremt8675_firmwaremt6781_firmwaremt8795tmt6873mt8673mt6739mt6878mt6771_firmwaremt8893mt6763_firmwaremt6878_firmwaremt8797_firmwaremt8873mt8678_firmwaremt6762mt6989mt6993_firmwaremt6885_firmwaremt6835_firmwaremt6980mt6886_firmwaremt6896_firmwaremt6993mt8678mt8791tmt6785mt6779_firmwaremt6983_firmwareMediaTek chipset
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-20433
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-8.8||HIGH
EPSS-0.34% / 26.38%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 03:25
Updated-10 Apr, 2026 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01088681; Issue ID: MSV-4460.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt6885_firmwaremt6983mt2737_firmwaremt8675mt6890_firmwaremt6877ttmt6980d_firmwaremt6891_firmwaremt6833p_firmwaremt6833_firmwaremt8676mt8792_firmwaremt6878_firmwaremt6899_firmwaremt6893_firmwaremt6895_firmwaremt6873_firmwaremt6878m_firmwaremt6985_firmwaremt8893_firmwaremt8771mt6833mt6890mt8791mt6880_firmwaremt8673_firmwaremt6896_firmwaremt6990mt6833pmt6878mmt6886_firmwaremt6885mt8863_firmwaremt6983t_firmwaremt6835_firmwaremt8793_firmwaremt6991mt6835t_firmwaremt6877_firmwaremt8771_firmwaremt6853_firmwaremt8668_firmwaremt6893mt8893mt6853t_firmwaremt8797_firmwaremt8676_firmwaremt6879_firmwaremt8883_firmwaremt8791t_firmwaremt6853mt8792mt8873_firmwaremt2735mt8678mt8863mt6897_firmwaremt6855t_firmwaremt6980dmt6985mt8795t_firmwaremt6877mt8755_firmwaremt6879mt8673mt6895mt6991_firmwaremt8775mt6891mt8791tmt8791_firmwaremt6983tmt6896mt6889_firmwaremt6853tmt6897mt8798mt6877tt_firmwaremt6875t_firmwaremt6983_firmwaremt6889mt8795tmt6980mt6985t_firmwaremt6835mt6985tmt6875mt6989t_firmwaremt8775_firmwaremt6813mt6886mt8798_firmwaremt6877t_firmwaremt6878mt6873mt8793mt6877tmt6875tmt6989mt2737mt6883_firmwaremt6883mt6899mt6835tmt6990_firmwaremt6875_firmwaremt8883mt6980_firmwaremt8873mt8668mt6880mt6813_firmwaremt8678_firmwaremt6855_firmwaremt8675_firmwaremt2735_firmwaremt6895tt_firmwaremt8797mt6855tmt8755mt6855mt6989_firmwaremt6895ttmt6989tMediaTek chipset
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-20432
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-8||HIGH
EPSS-0.29% / 21.34%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 03:25
Updated-10 Apr, 2026 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01406170; Issue ID: MSV-4461.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt6885_firmwaremt6983mt2737_firmwaremt8675mt6890_firmwaremt8781_firmwaremt6785_firmwaremt6833_firmwaremt6891_firmwaremt8676mt8792_firmwaremt6878_firmwaremt6899_firmwaremt6893_firmwaremt6895_firmwaremt6873_firmwaremt6789mt8893_firmwaremt6985_firmwaremt8771mt6833mt6815mt6890mt8791mt6880_firmwaremt6779_firmwaremt8673_firmwaremt6896_firmwaremt6990mt6886_firmwaremt6885mt8863_firmwaremt8793_firmwaremt6835_firmwaremt6991mt8771_firmwaremt6877_firmwaremt6853_firmwaremt8668_firmwaremt6993mt6781_firmwaremt8893mt6893mt6879_firmwaremt8797_firmwaremt8676_firmwaremt8883_firmwaremt8789mt8791t_firmwaremt8792mt8873_firmwaremt6853mt2735mt6993_firmwaremt8678mt8863mt6897_firmwaremt6781mt6985mt8795t_firmwaremt6877mt8755_firmwaremt6879mt6789_firmwaremt8673mt6895mt6991_firmwaremt6785mt8775mt6891mt8791tmt8791_firmwaremt8798mt6896mt6889_firmwaremt6897mt8781mt6983_firmwaremt6889mt8795tmt6980mt6835mt6875mt8775_firmwaremt6813mt6886mt8798_firmwaremt6873mt6878mt8793mt6783mt8789_firmwaremt6989mt2737mt6779mt6883_firmwaremt6883mt6899mt6990_firmwaremt6875_firmwaremt8883mt8873mt6980_firmwaremt8668mt6880mt6815_firmwaremt6813_firmwaremt8678_firmwaremt6855_firmwaremt8675_firmwaremt2735_firmwaremt8797mt8755mt6855mt6783_firmwaremt6989_firmwareMediaTek chipset
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-20445
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.12% / 2.38%
||
7 Day CHG~0.00%
Published-02 Mar, 2026 | 08:39
Updated-30 Mar, 2026 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In MDDP, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10289875; Issue ID: MSV-5184.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6993mt6893mt8771mt6878mt6897mt6879androidmt8797mt6855mt6885mt6889mt8678mt6895mt6886mt6983mt6899mt8755mt8798mt6883mt6985mt6989mt8188mt6835mt6991MediaTek chipset
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2026-20429
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.07% / 0.09%
||
7 Day CHG~0.00%
Published-02 Mar, 2026 | 08:39
Updated-30 Mar, 2026 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5535.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6739mt6893mt8793mt6993mt6878mt6853mt6897mt6879androidmt6855mt6885mt6889mt6765mt8678mt6895mt6761mt6768mt6789mt6781mt6886mt6983mt6899mt6883mt6877mt6985mt8196mt6833mt6989mt6835mt6991MediaTek chipset
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-20444
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 0.15%
||
7 Day CHG~0.00%
Published-02 Mar, 2026 | 08:39
Updated-30 Mar, 2026 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436995; Issue ID: MSV-5721.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6739mt6893mt6878mt6853mt8186mt6897mt6879androidmt8673mt6855mt6889mt6765mt8795tmt6761mt6768mt8883mt6789mt6886mt6983mt8768mt8766mt6899mt6877mt8798mt6985mt6833mt8667mt6835mt6781mt6991mt8793mt8771mt8796mt8873mt6885mt8678mt6895mt8676mt8765mt8781mt6883mt8196mt8791tmt6989mt8188mt6993mt8792MediaTek chipset
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-20443
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 0.15%
||
7 Day CHG~0.00%
Published-02 Mar, 2026 | 08:39
Updated-30 Mar, 2026 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436998; Issue ID: MSV-5722.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6739mt6893mt6878mt6853mt8186mt6897mt6879androidmt8673mt6855mt6889mt6765mt8795tmt6761mt6768mt8883mt6789mt6886mt6983mt8768mt8766mt6899mt6877mt8798mt6985mt6833mt8667mt6835mt6781mt6991mt8793mt8771mt8796mt8873mt6885mt8678mt6895mt8676mt8765mt8781mt6883mt8196mt8791tmt6989mt8188mt6993mt8792MediaTek chipset
CWE ID-CWE-416
Use After Free
CVE-2026-20442
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.07% / 0.05%
||
7 Day CHG~0.00%
Published-02 Mar, 2026 | 08:39
Updated-30 Mar, 2026 | 13:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436998; Issue ID: MSV-5723.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6739mt6893mt6878mt6853mt8186mt6897mt6879androidmt8673mt6855mt6889mt6765mt8795tmt6761mt6768mt8883mt6789mt6886mt6983mt8768mt8766mt6899mt6877mt8798mt6985mt6833mt8667mt6835mt6781mt6991mt8793mt8771mt8796mt8873mt6885mt8678mt6895mt8676mt8765mt8781mt6883mt8196mt8791tmt6989mt8188mt6993mt8792MediaTek chipset
CWE ID-CWE-416
Use After Free
CVE-2026-20435
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.11% / 1.84%
||
7 Day CHG~0.00%
Published-02 Mar, 2026 | 08:39
Updated-30 Mar, 2026 | 13:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS10607099; Issue ID: MSV-6118.

Action-Not Available
Vendor-rdkcentralOpenWrtGoogle LLCMediaTek Inc.Zephyr ProjectThe Linux Foundation
Product-mt6739mt6893mt6878yoctomt6853mt8186mt6897mt6879rdk-bandroidmt6855mt8169mt6765zephyrmt6761mt6768mt6789mt6886mt6983mt6877mt6985mt8696mt6833mt6781mt2737mt8793mt6813openwrtmt6885mt8678mt6895mt8676mt6890mt6990mt6989mt8188mt6880mt6993mt8370mt8390MediaTek chipset
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2026-20434
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-7.5||HIGH
EPSS-0.22% / 12.32%
||
7 Day CHG~0.00%
Published-02 Mar, 2026 | 08:39
Updated-30 Mar, 2026 | 13:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY00782946; Issue ID: MSV-4135.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt6739mt6893mt6980mt6878mt6853mt6897mt8668mt6879mt8673mt6855mt8766rmt6769smt6762mt6761mt6768mt6765tmt8666mt8768mt8766mt8755mt8798mt6985mt6769zmt6781mt6783mt8793mt8771mt6833plr12anr17mt6855tmt8797mt6767mt6885mt6771mt8678mt6877ttmt8676mt6990mt8765mt6896mt6883mt6785mt8791tmt6779mt6763mt8791mt2735mt6853tmt6762mmt6785umt6835tmt6875mt8863mt6889mt8789mt6765mt6878mmt8795tmt6891mt8883mt6985tmt6789mt6877tmt6886mt6983mt6899mt6877mt6769mt6769tmt6833mt8667mt6835mt2737mt6991mt6989tmt8873mt8675mt8893mt6873mt6785tmt6983tmt6895ttmt6895lr13mt6890mt8781mt6875tmt8786mt6762dmt6980dmt6769knr15mt6989mt6880mt8788mt8788enr16mt8792MediaTek chipset
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-20428
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 0.15%
||
7 Day CHG~0.00%
Published-02 Mar, 2026 | 08:39
Updated-30 Mar, 2026 | 13:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5536.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6739mt6893mt8793mt6993mt6878mt6853mt6897mt6879androidmt6855mt6885mt6889mt6765mt8678mt6895mt6761mt6768mt6789mt6781mt6886mt6983mt6899mt6883mt6877mt6985mt8196mt6833mt6989mt6835mt6991MediaTek chipset
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-20427
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 0.15%
||
7 Day CHG~0.00%
Published-02 Mar, 2026 | 08:39
Updated-30 Mar, 2026 | 13:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5537.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6739mt6893mt8793mt6993mt6878mt6853mt6897mt6879androidmt6855mt6885mt6889mt6765mt8678mt6895mt6761mt6768mt6789mt6781mt6886mt6983mt6899mt6883mt6877mt6985mt8196mt6833mt6989mt6835mt6991MediaTek chipset
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-20426
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 0.15%
||
7 Day CHG~0.00%
Published-02 Mar, 2026 | 08:39
Updated-30 Mar, 2026 | 13:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5538.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6739mt6893mt8793mt6993mt6878mt6853mt6897mt6879androidmt6855mt6885mt6889mt6765mt8678mt6895mt6761mt6768mt6789mt6781mt6886mt6983mt6899mt6883mt6877mt6985mt8196mt6833mt6989mt6835mt6991MediaTek chipset
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-20425
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 0.15%
||
7 Day CHG~0.00%
Published-02 Mar, 2026 | 08:38
Updated-30 Mar, 2026 | 13:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5539.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6739mt6893mt8793mt6993mt6878mt6853mt6897mt6879androidmt6855mt6885mt6889mt6765mt8678mt6895mt6761mt6768mt6789mt6781mt6886mt6983mt6899mt6883mt6877mt6985mt8196mt6833mt6989mt6835mt6991MediaTek chipset
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-20412
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-7.8||HIGH
EPSS-0.10% / 0.85%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 08:15
Updated-30 Mar, 2026 | 13:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5733.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt8365mt8793mt6895mt6897mt8195mt8390mt6989androidmt6881mt8395mt6991mt8188mt6983mt6993mt6878mt8696mt8666mt6985mt8168mt6886mt8673mt8676mt6879mt8667mt6899MediaTek chipset
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-20411
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-7.8||HIGH
EPSS-0.10% / 0.85%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 08:15
Updated-30 Mar, 2026 | 13:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In cameraisp, there is a possible escalation of privilege due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5737.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt8365mt8793mt6895mt6897mt8195mt8390mt6989androidmt6881mt8395mt6991mt8188mt6983mt6993mt6878mt8666mt8370mt6985mt8168mt6886mt8673mt8676mt6879mt8667mt6899MediaTek chipset
CWE ID-CWE-416
Use After Free
CVE-2026-20406
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 11.61%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 08:14
Updated-30 Mar, 2026 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01726634; Issue ID: MSV-5728.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8673mt8893mt8755nr16mt6879mt6989mt8791tmt6813mt6883nr17mt6897mt6986mt8793mt6855mt6985mt2735mt8873mt6890mt6893mt8668mt8863mt6980nr17rmt6853mt6889mt8795tmt8798mt8791mt6990mt8678mt6833mt6873mt6878mt6880mt8797nr15mt6895mt6896mt8771mt8792mt6858mt6983mt6877mt6886mt6891mt6993mt6899mt8675mt6875mt8676mt6815mt6885mt6991mt8883mt2737mt6835MediaTek chipset
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-20405
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 11.96%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 08:14
Updated-30 Mar, 2026 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01688495; Issue ID: MSV-4818.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8673mt8893mt8755nr16mt6879mt6989mt8791tmt6813mt6883nr17mt6897mt6986mt8793mt6855mt6985mt2735mt8873mt6890mt6893mt8668mt8863mt6980nr17rmt6853mt6889mt8795tmt8798mt8791mt6990mt8678mt6833mt6873mt6878mt6880mt8797nr15mt6895mt6896mt8771mt8792mt6858mt6983mt6877mt6886mt6891mt6993mt6899mt8675mt6875mt8676mt6815mt6885mt6991mt8883mt2737mt6835MediaTek chipset
CWE ID-CWE-617
Reachable Assertion
CVE-2026-20404
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.46% / 36.83%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 08:14
Updated-30 Mar, 2026 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689248; Issue ID: MSV-4837.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8673mt8893mt8755nr16mt6879mt6989mt8791tmt6813mt6883nr17mt6897mt6986mt8793mt6855mt6985mt2735mt8873mt6890mt6893mt8668mt8863mt6980nr17rmt6853mt6889mt8795tmt8798mt8791mt6990mt8678mt6833mt6873mt6878mt6880mt8797nr15mt6895mt6896mt8771mt8792mt6858mt6983mt6877mt6886mt6891mt6993mt6899mt8675mt6875mt8676mt6815mt6885mt6991mt8883mt2737mt6835MediaTek chipset
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-20403
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 11.96%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 08:14
Updated-30 Mar, 2026 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689254 (Note: For N15 and NR16) / MOLY01689259 (Note: For NR17 and NR17R); Issue ID: MSV-4843.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8673mt8893nr16mt6879mt6989mt8791tmt6813mt6883nr17mt6897mt6855mt6985mt2735mt6890mt6893mt6980nr17rmt6853mt6889mt8795tmt8798mt8791mt6990mt6833mt6873mt6878mt6880mt8797nr15mt6895mt6896mt8771mt6983mt6877mt6886mt6891mt6993mt6899mt8675mt6875mt8676mt6815mt6885mt6991mt2737mt6835MediaTek chipset
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-20422
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 11.96%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 08:14
Updated-30 Mar, 2026 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00827332; Issue ID: MSV-5919.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8673mt8893mt8755nr16mt6879mt6989mt8791tmt6813mt6883nr17mt6897mt6986mt8793mt6855mt6985mt2735mt8873mt6890mt6893mt8668mt8863mt6980nr17rmt6853mt6889mt8795tmt8798mt8791mt6990mt8678mt6833mt6873mt6878mt6880mt8775mt8797nr15mt6895mt6896mt8771mt8792mt6858mt6983mt6877mt6886mt6891mt6993mt6899mt8675mt6875mt8676mt6815mt6885mt6991mt8883mt2737mt6835MediaTek chipset
CWE ID-CWE-617
Reachable Assertion
CVE-2026-20420
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 11.96%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 08:14
Updated-30 Mar, 2026 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738313; Issue ID: MSV-5935.

Action-Not Available
Vendor-MediaTek Inc.
Product-nr16mt6879mt6989mt6813mt6883nr17mt6897mt6986mt6855mt6985mt2735mt6890mt6893mt6980nr17rmt6853mt6889mt8791mt6990mt6833mt6873mt6878mt6880nr15mt6895mt6896mt6858mt6983mt6877mt6886mt6891mt6993mt6899mt6875mt8676mt6815mt6885mt6991mt2737mt6835MediaTek chipset
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-20787
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 0.07%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 01:47
Updated-30 Mar, 2026 | 13:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149879; Issue ID: MSV-4658.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6833mt6886mt6765mt6789mt6739mt8676androidmt6879mt6761mt6855mt6989mt6991mt8796mt6893mt6895mt6835mt6897mt6985mt6899mt8678mt2718mt6853mt8196mt6889mt6877mt6883mt6885mt6983mt6878mt6768mt6781MediaTek chipset
CWE ID-CWE-416
Use After Free
CVE-2025-20786
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 0.07%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 01:47
Updated-30 Mar, 2026 | 13:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4673.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6768mt6983mt8673mt6895mt6765mt8791tmt8676mt8798mt8186mt6897mt6789mt8196mt8771mt6833mt8781mt6889mt8765mt8795tmt6835mt8667mt6886mt6878mt6885mt8793mt8796mt8768mt6991mt8188mt6989mt6883mt6899mt6893mt8883mt6853mt8792mt8873mt8766mt6761mt8678androidmt6781mt6985mt6739mt6855mt6877mt6879MediaTek chipset
CWE ID-CWE-415
Double Free
CWE ID-CWE-416
Use After Free
CVE-2025-20785
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 0.07%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 01:47
Updated-30 Mar, 2026 | 13:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4677.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6833mt6886mt6765mt8795tandroidmt6879mt6989mt6991mt6893mt6895mt6835mt6897mt6985mt6899mt8678mt8196mt6877mt8768mt6983mt8792mt8793mt8667mt6878mt6768mt8796mt8798mt6789mt6739mt8676mt8771mt6761mt6855mt8766mt6853mt6889mt8186mt8188mt6883mt8765mt8791tmt8873mt6885mt8673mt8883mt6781mt8781MediaTek chipset
CWE ID-CWE-416
Use After Free
CVE-2025-20784
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 0.07%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 01:47
Updated-30 Mar, 2026 | 13:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4683.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6833mt6886mt6765mt8795tandroidmt6879mt6989mt6991mt6893mt6895mt6835mt6897mt6985mt6899mt8678mt8196mt6877mt8768mt6983mt8792mt8793mt8667mt6878mt6768mt8796mt8798mt6789mt6739mt8676mt8771mt6761mt6855mt8766mt6853mt6889mt8186mt8188mt6883mt8765mt8791tmt8873mt6885mt8673mt8883mt6781mt8781MediaTek chipset
CWE ID-CWE-457
Use of Uninitialized Variable
CVE-2025-20783
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 0.07%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 01:47
Updated-30 Mar, 2026 | 13:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4684.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6833mt6886mt6765mt8795tandroidmt6879mt6989mt6991mt6893mt6895mt6835mt6897mt6985mt6899mt8678mt8196mt6877mt8768mt6983mt8792mt8793mt8667mt6878mt6768mt8796mt8798mt6789mt6739mt8676mt8771mt6761mt6855mt8766mt6853mt6889mt8186mt8188mt6883mt8765mt8791tmt8873mt6885mt8673mt8883mt6781mt8781MediaTek chipset
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20782
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 0.22%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 01:46
Updated-30 Mar, 2026 | 13:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4685.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6833mt6886mt6765mt8795tandroidmt6879mt6989mt6991mt6893mt6895mt6835mt6897mt6985mt6899mt8678mt8196mt6877mt8768mt6983mt8792mt8793mt8667mt6878mt6768mt8796mt8798mt6789mt6739mt8676mt8771mt6761mt6855mt8766mt6853mt6889mt8186mt8188mt6883mt8765mt8791tmt8873mt6885mt8673mt8883mt6781mt8781MediaTek chipset
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20781
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-7.8||HIGH
EPSS-0.07% / 0.06%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 01:46
Updated-30 Mar, 2026 | 13:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4699.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6768mt6983mt8673mt6895mt6765mt8791tmt8676mt8798mt8186mt6897mt6789mt8196mt8771mt6833mt8781mt6889mt8765mt8795tmt6835mt8667mt6886mt6878mt6885mt8793mt8796mt8768mt6991mt8188mt6989mt6883mt6899mt6893mt8883mt6853mt8792mt8873mt8766mt6761mt8678androidmt6781mt6985mt6739mt6855mt6877mt6879MediaTek chipset
CWE ID-CWE-415
Double Free
CWE ID-CWE-416
Use After Free
CVE-2025-20780
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-7.8||HIGH
EPSS-0.08% / 0.27%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 01:46
Updated-30 Mar, 2026 | 13:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184061; Issue ID: MSV-4712.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6833mt6886mt6765mt8795tandroidmt6879mt6989mt6991mt6893mt6895mt6835mt6897mt6985mt6899mt8678mt8196mt6877mt8768mt6983mt8792mt8793mt8667mt6878mt6768mt8796mt8798mt6789mt6739mt8676mt8771mt6761mt6855mt8766mt6853mt6889mt8186mt8188mt6883mt8765mt8791tmt8873mt6885mt8673mt8883mt6781mt8781MediaTek chipset
CWE ID-CWE-416
Use After Free
CVE-2025-20779
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-7||HIGH
EPSS-0.07% / 0.10%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 01:46
Updated-30 Mar, 2026 | 13:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible use after free due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184084; Issue ID: MSV-4720.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6833mt6886mt6765mt8795tandroidmt6879mt6989mt6991mt6893mt6895mt6835mt6897mt6985mt6899mt8678mt8196mt6877mt8768mt6983mt8792mt8793mt8667mt6878mt6768mt8796mt8798mt6789mt6739mt8676mt8771mt6761mt6855mt8766mt6853mt6889mt8186mt8188mt6883mt8765mt8791tmt8873mt6885mt8673mt8883mt6781mt8781MediaTek chipset
CWE ID-CWE-416
Use After Free
CVE-2025-20778
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-7.8||HIGH
EPSS-0.07% / 0.11%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 01:46
Updated-30 Mar, 2026 | 13:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184870; Issue ID: MSV-4729.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6833mt6886mt6765mt8795tandroidmt6879mt6989mt6991mt6893mt6895mt6835mt6897mt6985mt6899mt8678mt8196mt6877mt8768mt6983mt8792mt8793mt8667mt6878mt6768mt8796mt8798mt6789mt6739mt8676mt8771mt6761mt6855mt8766mt6853mt6889mt8186mt8188mt6883mt8765mt8791tmt8873mt6885mt8673mt8883mt6781mt8781MediaTek chipset
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20760
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 17.11%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 01:46
Updated-30 Mar, 2026 | 13:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible read of uninitialized heap data due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01676750; Issue ID: MSV-4653.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8673mt8893mt8755nr16mt6879mt6989mt8791tmt6883mt6897nr17mt6986mt8793mt6855mt6985mt2735mt8873mt6890mt6893mt8863mt6980mt6853mt8795tmt8798mt8791mt6990mt8678mt6833mt6873mt6878mt6880mt8797nr15mt6895mt6896mt8771mt8792mt6983mt6877mt6886mt6891mt6993mt6899mt8675mt6875mt8676mt6889mt6885mt6991mt8883mt2737mt6835MediaTek chipset
CWE ID-CWE-617
Reachable Assertion
CVE-2025-20761
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 14.21%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 01:46
Updated-30 Mar, 2026 | 13:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01311265; Issue ID: MSV-4655.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8673mt8893mt8755nr16mt6879mt6989mt6853tmt8791tmt6883mt6897nr17mt8793mt6855mt6833pmt6985mt2735mt8873mt6890mt6893mt6877tmt8863mt6980mt6875tmt6853mt8795tmt2737mt6835tmt8798mt8791mt6990mt8678mt6833mt6873mt6880mt6983tmt8797mt6985tnr15mt6895mt6896mt8771mt8792mt6983mt6877mt6886mt6895ttmt6891mt8675mt6980dmt6875mt6855tmt8676mt6989tmt6889mt6885mt8883mt6877ttmt6835MediaTek chipset
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2025-20793
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 16.73%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 01:46
Updated-30 Mar, 2026 | 13:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01430930; Issue ID: MSV-4836.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8673mt8893mt8755nr16mt6879mt6989mt8791tmt6813mt6883nr17mt6897mt8793mt6855mt6985mt2735mt8873mt6890mt6893mt8863mt6980nr17rmt6853mt6889mt8795tmt8798mt8791mt6990mt8678mt6833mt6873mt6878mt6880mt8797nr15mt6895mt6896mt8771mt8792mt6983mt6877mt6886mt6891mt6993mt6899mt8675mt6875mt8676mt6815mt6885mt6991mt8883mt2737mt6835MediaTek chipset
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-20794
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 16.00%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 01:46
Updated-30 Mar, 2026 | 13:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689259 / MOLY01586470; Issue ID: MSV-4847.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8673mt8893mt8755nr16mt6879mt6989mt8791tmt6813mt6883nr17mt6897mt6986mt8793mt6855mt6985mt2735mt8873mt6890mt6893mt8863mt6980nr17rmt6853mt6889mt8795tmt8798mt8791mt6990mt8678mt6833mt6873mt6878mt6880mt8797nr15mt6895mt6896mt8771mt8792mt6983mt6877mt6886mt6891mt6993mt6899mt8675mt6875mt8676mt6815mt6885mt6991mt8883mt2737mt6835MediaTek chipset
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-20795
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-7.8||HIGH
EPSS-0.08% / 0.14%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 01:46
Updated-30 Mar, 2026 | 13:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10276761; Issue ID: MSV-5141.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6833mt6886mt6765mt6873mt6580androidmt8395mt6879mt6989mt6991mt8755mt6893mt6895mt6835mt6897mt6985mt6899mt8678mt8196mt6877mt8370mt8195mt8768mt6983mt8792mt8793mt8788emt6878mt6768mt8796mt6789mt6739mt8390mt8391mt8676mt6785mt6761mt6855mt2718mt6853mt8766mt6889mt8186mt8188mt8696mt6883mt8893mt8873mt8791tmt6885mt8883mt6779mt8786mt6781mt8781MediaTek chipset
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20777
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 0.10%
||
7 Day CHG~0.00%
Published-02 Dec, 2025 | 02:34
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184870; Issue ID: MSV-4752.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt8768mt6789mt8792mt6989mt8188mt8766mt8873mt8798mt8196mt6833mt8765mt8771mt6739mt6983mt8793mt6895mt8796mt6889mt8186mt8678mt6897mt8667mt8673mt6765mt6883mt6886mt6781mt6835mt6761mt6885mt6991mt8795tmt8781mt6893mt8676mt6855mt6768mt6877mt6899mt6879mt6878mt8791tmt8883androidmt6985mt6853MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8186, MT8188, MT8196, MT8667, MT8673, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8791T, MT8792, MT8793, MT8795T, MT8796, MT8798, MT8873, MT8883
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20776
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 0.10%
||
7 Day CHG~0.00%
Published-02 Dec, 2025 | 02:34
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184297; Issue ID: MSV-4759.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt8768mt6789mt8792mt6989mt8188mt8766mt8873mt8798mt8196mt6833mt8765mt8771mt6739mt6983mt8793mt6895mt8796mt6889mt8186mt8678mt6897mt8667mt8673mt6765mt6883mt6886mt6781mt6835mt6761mt6885mt6991mt8795tmt8781mt6893mt8676mt6855mt6768mt6877mt6899mt6879mt6878mt8791tmt8883androidmt6985mt6853MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8186, MT8188, MT8196, MT8667, MT8673, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8791T, MT8792, MT8793, MT8795T, MT8796, MT8798, MT8873, MT8883
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-20775
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 0.10%
||
7 Day CHG~0.00%
Published-02 Dec, 2025 | 02:34
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4795.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt6833mt6886mt6765mt8795tandroidmt6879mt6989mt6991mt6893mt6895mt6835mt6897mt6985mt6899mt8678mt8196mt6877mt8768mt6983mt8792mt8793mt8667mt6878mt6768mt8796mt8798mt6789mt6739mt8676mt8771mt6761mt6855mt8766mt6853mt6889mt8186mt8188mt6883mt8765mt8791tmt8873mt6885mt8673mt8883mt6781mt8781MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8186, MT8188, MT8196, MT8667, MT8673, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8791T, MT8792, MT8793, MT8795T, MT8796, MT8798, MT8873, MT8883
CWE ID-CWE-416
Use After Free
CVE-2025-20774
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 0.10%
||
7 Day CHG~0.00%
Published-02 Dec, 2025 | 02:34
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4796.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt6789mt8792mt6989mt8196mt6833mt6739mt6983mt8793mt6895mt6889mt8678mt6897mt6765mt6883mt6886mt6781mt6835mt6761mt6885mt6991mt6893mt2718mt6855mt6768mt6877mt8676mt6899mt6879mt6878androidmt6985mt6853MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8196, MT8676, MT8678, MT8792, MT8793
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20773
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 0.10%
||
7 Day CHG~0.00%
Published-02 Dec, 2025 | 02:34
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4797.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt6833mt6886mt6765androidmt6879mt6989mt6991mt6893mt6895mt6835mt6897mt6985mt6899mt8678mt8196mt6877mt6983mt8792mt8793mt6878mt6768mt6789mt6739mt8676mt6761mt6855mt2718mt6853mt6889mt6883mt6885mt6781MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8196, MT8676, MT8678, MT8792, MT8793
CWE ID-CWE-416
Use After Free
CVE-2025-20772
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 0.10%
||
7 Day CHG~0.00%
Published-02 Dec, 2025 | 02:34
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4795.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt6833mt6886mt6765androidmt6879mt6989mt6991mt6893mt6895mt6835mt6897mt6985mt6899mt8678mt8196mt6877mt6983mt8792mt8793mt6878mt6768mt6789mt6739mt8676mt6761mt6855mt2718mt6853mt6889mt6883mt6885mt6781MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8186, MT8188, MT8196, MT8667, MT8673, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8791T, MT8792, MT8793, MT8795T, MT8796, MT8798, MT8873, MT8883
CWE ID-CWE-416
Use After Free
CVE-2025-20771
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 0.10%
||
7 Day CHG~0.00%
Published-02 Dec, 2025 | 02:34
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4802.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt6789mt8792mt6989mt8196mt6833mt6739mt6983mt8793mt6895mt6889mt8678mt6897mt6765mt6883mt6886mt6781mt6835mt6761mt6885mt6991mt6893mt2718mt6855mt6768mt6877mt8676mt6899mt6879mt6878androidmt6985mt6853MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8196, MT8676, MT8678, MT8792, MT8793
CWE ID-CWE-457
Use of Uninitialized Variable
CVE-2025-20770
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 0.10%
||
7 Day CHG~0.00%
Published-02 Dec, 2025 | 02:34
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4803.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt6789mt8792mt6989mt8196mt6833mt6739mt6983mt8793mt6895mt6889mt8678mt6897mt6765mt6883mt6886mt6781mt6835mt6761mt6885mt6991mt6893mt2718mt6855mt6768mt6877mt8676mt6899mt6879mt6878androidmt6985mt6853MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8196, MT8676, MT8678, MT8792, MT8793
CWE ID-CWE-416
Use After Free
CVE-2025-20769
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-3.4||LOW
EPSS-0.07% / 0.08%
||
7 Day CHG~0.00%
Published-02 Dec, 2025 | 02:34
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4804.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt6789mt8792mt6989mt8196mt6833mt6739mt6983mt8793mt6895mt6889mt8678mt6897mt6765mt6883mt6886mt6781mt6835mt6761mt6885mt6991mt6893mt2718mt6855mt6768mt6877mt8676mt6899mt6879mt6878androidmt6985mt6853MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8196, MT8676, MT8678, MT8792, MT8793
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20768
Assigner-MediaTek, Inc.
ShareView Details
Assigner-MediaTek, Inc.
CVSS Score-7.8||HIGH
EPSS-0.08% / 0.16%
||
7 Day CHG~0.00%
Published-02 Dec, 2025 | 02:34
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4805.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt6883mt6789mt6886mt6989mt6781mt6835mt6761mt6885mt6991mt6833mt6893mt6739mt6983mt6855mt6895mt6768mt6877mt6899mt6879mt6878mt6853mt6889mt6985androidmt6897mt6765MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next