Skip to main content

Mediatek

Vendor security scorecard – 7 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 12
7
CVEs
0
Critical
3
High
0
KEV
0
PoC
0
Unpatched C/H
85.7%
Patch Rate
0.0%
Avg EPSS

Severity Breakdown

CRITICAL
0
HIGH
3
MEDIUM
4
LOW
0

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2026-31584 Use-after-free in Linux kernel MediaTek video encoder allows local authenticated users to corrupt memory and potentially execute arbitrary code. The flaw affects the vcodec driver's encoder release path where ctx memory is freed before canceling scheduled workqueue tasks, enabling race conditions between cleanup and worker threads that may dereference freed memory. KASAN-confirmed exploitation requires local access with low privileges (CVSS AV:L/PR:L). Patches available for kernel versions 6.12.83, 6.18.24, 6.19.14, and 7.0.1. EPSS score of 0.02% (5th percentile) indicates very low probability of automated exploitation, with no public exploit identified at time of analysis. HIGH 7.8 0.0% 39
CVE-2026-45909 Local privilege escalation potential in the Linux kernel's MediaTek clock gate driver stems from incorrect use of __initconst annotations on mtk_gate structures that are accessed at runtime, not just during initialization. After kernel init completes, the memory backing these structs is freed, so any runtime access reads freed memory - affecting Linux 6.18 prior to stable releases 6.18.14 and 6.19.4. CVSS rates this 7.8 (High) with local attack vector; EPSS is 0.02% and no public exploit identified at time of analysis. HIGH 7.8 0.0% 39
CVE-2026-46308 Local privilege escalation and memory corruption in the Linux kernel's MediaTek power-domain (pmdomain) driver stems from a use-after-free in scpsys_get_bus_protection_legacy(), where a device node is released via of_node_put() before the error path dereferences it in dev_err_probe(). Affecting kernels using the MediaTek SCPSYS legacy bus-protection code path (typically ARM/ARM64 MediaTek SoC platforms), a local low-privileged attacker able to influence the probe error path could corrupt freed kernel memory, with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, and EPSS exploitation probability is negligible (0.02%, 4th percentile). HIGH 7.8 0.0% 39
CVE-2026-21030 Improper access control in the MediaTek Audio HAL on Samsung Mobile Devices running Android 14, 15, and 16 permits local unprivileged attackers to invoke restricted privileged functions within the audio subsystem. The CVSS 4.0 subsequent system impact is rated High across confidentiality, integrity, and availability (SC:H/SI:H/SA:H), indicating that successful exploitation can cascade well beyond the Audio HAL itself to compromise broader device system components. No public exploit identified at time of analysis; Samsung has released a fix in SMR Jun-2026 Release 1. MEDIUM 6.4 0.0% 32
No patch
CVE-2026-53317 Firmware crash in the Linux kernel's mt76/mt7921 WiFi driver allows a local low-privileged user to cause denial of service by triggering station Association ID (AID) values above the firmware's undocumented limit of 20. Affected hardware includes Mediatek mt7922 chipsets operating in AP mode (IFTYPE_AP). Exploitation requires running a non-standard hostapd configuration that allocates AIDs starting at 65 or higher - stock hostapd is not affected. No public exploit has been identified and EPSS is 0.16% (5th percentile), indicating very low exploitation likelihood. MEDIUM 5.5 0.2% 28
CVE-2026-45881 Memory exhaustion via the MediaTek SVS (Smart Voltage Scaling) debugfs interface in the Linux kernel allows a local attacker with low privileges to leak kernel memory on MediaTek SoC-based systems. The root cause is that `svs_enable_debug_write()` allocates a buffer via `memdup_user_nul()` to copy user-supplied input, but fails to free it when the subsequent `kstrtoint()` call rejects non-integer input - a classic CWE-401 missing-release flaw. No public exploit has been identified and EPSS is 0.02% (7th percentile), making this a low-urgency, patch-when-convenient issue for the narrow device population running affected MediaTek SoC kernels. MEDIUM 5.5 0.0% 28
CVE-2026-31562 In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dsi: Store driver data before invoking mipi_dsi_host_register The MEDIUM 5.5 0.0% 28

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy