Skip to main content

Mediatek Chipset CVE-2026-20431

| EUVDEUVD-2026-19564 MEDIUM
Allocation of Resources Without Limits or Throttling (CWE-770)
2026-04-07 MediaTek
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Apr 07, 2026 - 03:45 euvd
EUVD-2026-19564
Analysis Generated
Apr 07, 2026 - 03:45 vuln.today
CVE Published
Apr 07, 2026 - 03:25 nvd
MEDIUM 6.5

DescriptionCVE.org

In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01106496; Issue ID: MSV-4467.

AnalysisAI

Remote denial of service in MediaTek modem chipsets allows unauthenticated attackers to crash the system via a logic error when connecting to a rogue base station. The vulnerability affects 19 MediaTek chipset models (MT8678, MT6899, MT6897, and others) with no authentication or user interaction required. EPSS score of 0.08% (24th percentile) and CISA SSVC framework rating of no confirmed exploitation and partial technical impact suggest this is a low real-world priority despite the moderate CVSS 6.5 score.

Technical ContextAI

The vulnerability resides in MediaTek modem firmware and is triggered by improper handling of malformed or adversarial radio signals from a rogue base station. The root cause is classified as CWE-770 (Allocation of Resources Without Limits or Throttling), indicating the modem fails to properly validate or rate-limit certain base station communications, causing resource exhaustion or uncontrolled memory allocation that leads to system crash. This affects the LTE/5G radio stack in SoCs used in mobile devices, where the modem firmware runs in a separate execution context from the application processor. The attack surface is the air interface (AV:A per CVSS), requiring the attacker to operate a rogue base station or simulate cellular network signals within proximity of the target device.

RemediationAI

MediaTek has released a firmware patch identified as MOLY01106496 addressing the logic error in modem base station signal handling. Device manufacturers using affected chipsets should apply this patch through their firmware release process and distribute updates to end users. End users should apply modem firmware updates when made available by their device manufacturer. No workaround is available to mitigate the vulnerability without firmware patching, as the flaw resides in the modem firmware layer below operating system controls. Additional details are available in MediaTek's security advisory at https://corp.mediatek.com/product-security-bulletin/April-2026.

CVE-2026-20433 HIGH
8.8 Apr 07

Out-of-bounds write in MediaTek modem firmware enables remote privilege escalation when devices connect to attacker-cont

CVE-2026-20432 HIGH
8.0 Apr 07

Out-of-bounds write in MediaTek modem chipset implementations allows remote privilege escalation when user equipment con

CVE-2026-20452 HIGH
8.0 Jun 01

Heap buffer overflow in the MediaTek WLAN access point driver allows adjacent-network attackers with low-privilege user

CVE-2026-20455 HIGH
7.8 Jun 01

Local privilege escalation in MediaTek GenieZone (trusted execution environment) allows an attacker who has already gain

CVE-2026-20458 HIGH
7.5 Jul 01

Remote privilege escalation in the baseband modem firmware of dozens of MediaTek chipsets allows an attacker operating a

CVE-2026-20462 MEDIUM
6.7 Jul 01

Heap buffer overflow in the Telephony subsystem of MediaTek chipsets enables local privilege escalation on affected Andr

CVE-2026-20463 MEDIUM
6.7 Jul 01

Local privilege escalation in the Modem component across 80+ MediaTek chipsets allows an attacker already holding System

CVE-2026-20453 MEDIUM
6.7 Jun 01

Local privilege escalation in MediaTek's geniezone hypervisor component affects 36 distinct chipsets spanning budget to

CVE-2026-20451 MEDIUM
6.7 May 04

Out-of-bounds write in MediaTek's slbc (secure local buffer component) due to type confusion allows local privilege esca

CVE-2026-20447 MEDIUM
6.7 May 04

Local privilege escalation in MediaTek geniezone component due to missing bounds check allows System-privileged actors t

CVE-2026-20448 MEDIUM
6.7 May 04

Local privilege escalation in MediaTek chipsets (MT6765, MT8893, MT8791T, and 19 others) due to missing permission check

CVE-2026-20450 MEDIUM
6.5 May 04

Remote denial of service in MediaTek modem firmware across 47+ chipset variants allows attackers to crash the modem via

Share

CVE-2026-20431 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy