21
CVEs
0
Critical
8
High
0
KEV
0
PoC
0
Unpatched C/H
95.2%
Patch Rate
0.0%
Avg EPSS
Severity Breakdown
CRITICAL
0
HIGH
8
MEDIUM
13
LOW
0
Monthly CVE Trend
Affected Products (30)
Android
90
Linux Kernel
63
Mt7628 Firmware
20
Mt7629 Firmware
20
Mt7622 Firmware
20
Mt7615 Firmware
20
Mt7915 Firmware
20
Mt7603E Firmware
20
Mt7613 Firmware
20
Mt7620 Firmware
10
Mt7612 Firmware
10
Mt7610 Firmware
9
Debian Linux
5
Note 5 Firmware
3
Mega 5 Firmware
2
Hes 319M2W Firmware
1
Columbia Tl00D Firmware
1
Bm2022 Firmware
1
Nova Firmware
1
Princeton Al10B Firmware
1
Haier G8 Firmware
1
Mt8163 Firmware
1
Solidfire Hci Management Node
1
A4 Firmware
1
Tony Tl00B Firmware
1
Bl5000 Firmware
1
Infinity U965 Firmware
1
Primo G3 Firmware
1
Nova 4 Firmware
1
G100 Firmware
1
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-71071 | In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: fix use-after-free on probe deferral The driver is dropping the references taken to the larb devices during probe after successful lookup as well as on errors. | HIGH | 7.8 | 0.0% | 39 |
|
| CVE-2023-53274 | In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: mt8183: Add back SSPM related clocks This reverts commit 860690a93ef23b567f781c1b631623e27190f101. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. | HIGH | 7.8 | 0.0% | 39 |
|
| CVE-2026-31584 | Use-after-free in Linux kernel MediaTek video encoder allows local authenticated users to corrupt memory and potentially execute arbitrary code. The flaw affects the vcodec driver's encoder release path where ctx memory is freed before canceling scheduled workqueue tasks, enabling race conditions between cleanup and worker threads that may dereference freed memory. KASAN-confirmed exploitation requires local access with low privileges (CVSS AV:L/PR:L). Patches available for kernel versions 6.12.83, 6.18.24, 6.19.14, and 7.0.1. EPSS score of 0.02% (5th percentile) indicates very low probability of automated exploitation, with no public exploit identified at time of analysis. | HIGH | 7.8 | 0.0% | 39 |
|
| CVE-2026-45909 | Local privilege escalation potential in the Linux kernel's MediaTek clock gate driver stems from incorrect use of __initconst annotations on mtk_gate structures that are accessed at runtime, not just during initialization. After kernel init completes, the memory backing these structs is freed, so any runtime access reads freed memory - affecting Linux 6.18 prior to stable releases 6.18.14 and 6.19.4. CVSS rates this 7.8 (High) with local attack vector; EPSS is 0.02% and no public exploit identified at time of analysis. | HIGH | 7.8 | 0.0% | 39 |
|
| CVE-2026-46308 | Local privilege escalation and memory corruption in the Linux kernel's MediaTek power-domain (pmdomain) driver stems from a use-after-free in scpsys_get_bus_protection_legacy(), where a device node is released via of_node_put() before the error path dereferences it in dev_err_probe(). Affecting kernels using the MediaTek SCPSYS legacy bus-protection code path (typically ARM/ARM64 MediaTek SoC platforms), a local low-privileged attacker able to influence the probe error path could corrupt freed kernel memory, with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, and EPSS exploitation probability is negligible (0.02%, 4th percentile). | HIGH | 7.8 | 0.0% | 39 |
|
| CVE-2023-53388 | In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Clean dangling pointer on bind error path mtk_drm_bind() can fail, in which case drm_dev_put() is called, destroying. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application. | HIGH | 7.8 | 0.0% | 39 |
|
| CVE-2026-21030 | Improper access control in the MediaTek Audio HAL on Samsung Mobile Devices running Android 14, 15, and 16 permits local unprivileged attackers to invoke restricted privileged functions within the audio subsystem. The CVSS 4.0 subsequent system impact is rated High across confidentiality, integrity, and availability (SC:H/SI:H/SA:H), indicating that successful exploitation can cascade well beyond the Audio HAL itself to compromise broader device system components. No public exploit identified at time of analysis; Samsung has released a fix in SMR Jun-2026 Release 1. | MEDIUM | 6.4 | 0.0% | 32 |
No patch
|
| CVE-2026-53317 | Firmware crash in the Linux kernel's mt76/mt7921 WiFi driver allows a local low-privileged user to cause denial of service by triggering station Association ID (AID) values above the firmware's undocumented limit of 20. Affected hardware includes Mediatek mt7922 chipsets operating in AP mode (IFTYPE_AP). Exploitation requires running a non-standard hostapd configuration that allocates AIDs starting at 65 or higher - stock hostapd is not affected. No public exploit has been identified and EPSS is 0.16% (5th percentile), indicating very low exploitation likelihood. | MEDIUM | 5.5 | 0.2% | 28 |
|
| CVE-2026-45881 | Memory exhaustion via the MediaTek SVS (Smart Voltage Scaling) debugfs interface in the Linux kernel allows a local attacker with low privileges to leak kernel memory on MediaTek SoC-based systems. The root cause is that `svs_enable_debug_write()` allocates a buffer via `memdup_user_nul()` to copy user-supplied input, but fails to free it when the subsequent `kstrtoint()` call rejects non-integer input - a classic CWE-401 missing-release flaw. No public exploit has been identified and EPSS is 0.02% (7th percentile), making this a low-urgency, patch-when-convenient issue for the narrow device population running affected MediaTek SoC kernels. | MEDIUM | 5.5 | 0.0% | 28 |
|
| CVE-2023-53424 | In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: fix of_iomap memory leak Smatch reports: drivers/clk/mediatek/clk-mtk.c:583 mtk_clk_simple_probe() warn: 'base' from. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. | MEDIUM | 5.5 | 0.0% | 28 |
|
| CVE-2026-31562 | In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dsi: Store driver data before invoking mipi_dsi_host_register The | MEDIUM | 5.5 | 0.0% | 28 |
|
| CVE-2022-50392 | In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8183: fix refcount leak in mt8183_mt6358_ts3a227_max98357_dev_probe() The node returned by of_parse_phandle(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. | MEDIUM | 5.5 | 0.0% | 28 |
|
| CVE-2023-53389 | In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dp: Only trigger DRM HPD events if bridge is attached The MediaTek DisplayPort interface bridge driver starts its. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer. | MEDIUM | 5.5 | 0.0% | 28 |
|
| CVE-2023-53425 | In the Linux kernel, the following vulnerability has been resolved: media: platform: mediatek: vpu: fix NULL ptr dereference If pdev is NULL, then it is still dereferenced. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer. | MEDIUM | 5.5 | 0.0% | 28 |
|
| CVE-2023-53325 | {err,info}() to dev_{err,info}() in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer. | MEDIUM | 5.5 | 0.0% | 28 |
|