Severity by source
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionCVE.org
In geniezone, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10708513; Issue ID: MSV-6281.
AnalysisAI
Local privilege escalation in MediaTek chipsets (MT6765, MT8893, MT8791T, and 19 others) due to missing permission checks in geniezone allows attackers with System privilege to escalate their access without user interaction. CVSS 6.7 reflects high confidentiality, integrity, and availability impact, but EPSS score of 0.02% (4th percentile) and SSVC 'none' exploitation status indicate this vulnerability has not been observed in active, widespread exploitation despite the low barrier to exploitation from privileged context.
Technical ContextAI
The vulnerability exists in geniezone, a security-sensitive component within MediaTek chipsets. The missing permission check (CWE-280: Improper Handling of Insufficient Permissions or Privileges) permits a process already running with System privilege to bypass authorization controls and access protected resources or functionality without proper validation. This is a privilege escalation within the privileged domain rather than from unprivileged to privileged context. The affected chipsets span multiple MediaTek product lines including the MT6-series (mobile SoCs) and MT8-series (tablet/IoT SoCs), indicating a systemic validation gap in the geniezone implementation across multiple chipset architectures.
RemediationAI
Apply patch ID ALPS10708513 to affected MediaTek chipsets via firmware or system software update from the chipset manufacturer or device OEM. This is the primary and only known remediation path. Since the vulnerability requires System privilege to exploit, as an interim compensating control, restrict System privilege assignments to the minimum necessary processes and implement code integrity verification (e.g., mandatory code signing in the geniezone component) to prevent System-level malware from reaching the escalation point. However, no compensating control fully mitigates the underlying missing permission check; patching is essential. Device manufacturers and ODMs should prioritize deployment of ALPS10708513 to all consumer and enterprise devices using affected chipsets. Refer to MediaTek's product security bulletin at https://corp.mediatek.com/product-security-bulletin/May-2026 for chipset-specific patch availability and timelines.
More in Mediatek Chipset
View allOut-of-bounds write in MediaTek modem firmware enables remote privilege escalation when devices connect to attacker-cont
Out-of-bounds write in MediaTek modem chipset implementations allows remote privilege escalation when user equipment con
Heap buffer overflow in the MediaTek WLAN access point driver allows adjacent-network attackers with low-privilege user
Local privilege escalation in MediaTek GenieZone (trusted execution environment) allows an attacker who has already gain
Remote privilege escalation in the baseband modem firmware of dozens of MediaTek chipsets allows an attacker operating a
Heap buffer overflow in the Telephony subsystem of MediaTek chipsets enables local privilege escalation on affected Andr
Local privilege escalation in the Modem component across 80+ MediaTek chipsets allows an attacker already holding System
Local privilege escalation in MediaTek's geniezone hypervisor component affects 36 distinct chipsets spanning budget to
Out-of-bounds write in MediaTek's slbc (secure local buffer component) due to type confusion allows local privilege esca
Local privilege escalation in MediaTek geniezone component due to missing bounds check allows System-privileged actors t
Remote denial of service in MediaTek modem firmware across 47+ chipset variants allows attackers to crash the modem via
Remote denial of service in MediaTek modem chipsets allows unauthenticated attackers to crash the system via a logic err
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26888