Skip to main content

Mediatek Chipset EUVDEUVD-2026-19569

| CVE-2026-20446 MEDIUM
Out-of-bounds Write (CWE-787)
2026-04-07 MediaTek
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Apr 07, 2026 - 03:45 euvd
EUVD-2026-19569
Analysis Generated
Apr 07, 2026 - 03:45 vuln.today
CVE Published
Apr 07, 2026 - 03:25 nvd
MEDIUM 4.3

DescriptionCVE.org

In sec boot, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service, if an attacker has physical access to the device, with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09963054; Issue ID: MSV-3899.

AnalysisAI

Integer overflow in MediaTek secure boot (sec boot) leads to out-of-bounds write causing local denial of service on affected MediaTek chipsets. Attack requires physical device access and local user execution privileges, with no user interaction needed. EPSS score of 0.02% and CISA SSVC assessment of 'none' exploitation status indicate low real-world risk despite the moderate CVSS base score of 4.3.

Technical ContextAI

The vulnerability exists in the secure boot component of MediaTek chipsets, specifically in integer handling that fails to validate bounds before memory operations. This is classified as CWE-787 (out-of-bounds write), which occurs when an integer overflow calculation produces a value that bypasses buffer bounds checks, allowing writes beyond allocated memory regions. The affected products are MediaTek chipsets including the MT6813, which are widely integrated into mobile and IoT devices. The physical attack vector requirement significantly constrains exploitation scenarios, as it mandates direct hardware access to the target device.

RemediationAI

MediaTek has released a patch identified as ALPS09963054 (Issue ID: MSV-3899) to address the integer overflow in secure boot. Devices should be updated to firmware versions incorporating this patch via manufacturer-issued over-the-air (OTA) updates or through direct device firmware updates available from the product vendor. No workarounds are available for this hardware-level vulnerability; patching or firmware update is the only mitigation. Reference MediaTek's Product Security Bulletin (https://corp.mediatek.com/product-security-bulletin/April-2026) and the National Vulnerability Database entry (https://nvd.nist.gov/vuln/detail/CVE-2026-20446) for specific device model guidance and update availability.

CVE-2026-20433 HIGH
8.8 Apr 07

Out-of-bounds write in MediaTek modem firmware enables remote privilege escalation when devices connect to attacker-cont

CVE-2026-20432 HIGH
8.0 Apr 07

Out-of-bounds write in MediaTek modem chipset implementations allows remote privilege escalation when user equipment con

CVE-2026-20452 HIGH
8.0 Jun 01

Heap buffer overflow in the MediaTek WLAN access point driver allows adjacent-network attackers with low-privilege user

CVE-2026-20455 HIGH
7.8 Jun 01

Local privilege escalation in MediaTek GenieZone (trusted execution environment) allows an attacker who has already gain

CVE-2026-20458 HIGH
7.5 Jul 01

Remote privilege escalation in the baseband modem firmware of dozens of MediaTek chipsets allows an attacker operating a

CVE-2026-20462 MEDIUM
6.7 Jul 01

Heap buffer overflow in the Telephony subsystem of MediaTek chipsets enables local privilege escalation on affected Andr

CVE-2026-20463 MEDIUM
6.7 Jul 01

Local privilege escalation in the Modem component across 80+ MediaTek chipsets allows an attacker already holding System

CVE-2026-20453 MEDIUM
6.7 Jun 01

Local privilege escalation in MediaTek's geniezone hypervisor component affects 36 distinct chipsets spanning budget to

CVE-2026-20451 MEDIUM
6.7 May 04

Out-of-bounds write in MediaTek's slbc (secure local buffer component) due to type confusion allows local privilege esca

CVE-2026-20447 MEDIUM
6.7 May 04

Local privilege escalation in MediaTek geniezone component due to missing bounds check allows System-privileged actors t

CVE-2026-20448 MEDIUM
6.7 May 04

Local privilege escalation in MediaTek chipsets (MT6765, MT8893, MT8791T, and 19 others) due to missing permission check

CVE-2026-20450 MEDIUM
6.5 May 04

Remote denial of service in MediaTek modem firmware across 47+ chipset variants allows attackers to crash the modem via

Share

EUVD-2026-19569 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy