Mediatek Inc Mediatek Chipset vulnerabilities

CVE-2026-20440 [MEDIUM] CWE-1285 CVE-2026-20440: In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to lo In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431968; Issue ID: MSV-5824.

CVE-2026-20429 [MEDIUM] CWE-125 CVE-2026-20429: In display, there is a possible out of bounds read due to a missing bounds check. This could lead to In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5535.

CVE-2026-20438 [MEDIUM] CWE-367 CVE-2026-20438: In MAE, there is a possible out of bounds write due to a race condition. This could lead to local es In MAE, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431920; Issue ID: MSV-5835.

CVE-2026-20441 [MEDIUM] CWE-787 CVE-2026-20441: In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to lo In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10432500; Issue ID: MSV-5803.

CVE-2026-20442 [MEDIUM] CWE-416 CVE-2026-20442: In display, there is a possible system crash due to use after free. This could lead to local denial In display, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436998; Issue ID: MSV-5723.

CVE-2026-20418 [CRITICAL] CWE-787 CVE-2026-20418: In Thread, there is a possible out of bounds write due to a missing bounds check. This could lead to In Thread, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00465153; Issue ID: MSV-4927.

CVE-2026-20407 [CRITICAL] CWE-787 CVE-2026-20407: In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00464377; Issue ID: MSV-4905.

CVE-2026-20409 [HIGH] CWE-787 CVE-2026-20409: In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10363246; Issue ID: MSV-5779.

CVE-2026-20408 [HIGH] CWE-122 CVE-2026-20408: In wlan, there is a possible out of bounds write due to a heap buffer overflow. This could lead to r In wlan, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461651; Issue ID: MSV-4758.

CVE-2026-20412 [HIGH] CWE-787 CVE-2026-20412: In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5733.

CVE-2026-20401 [HIGH] CWE-617 CVE-2026-20401: In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote d In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738310; Issue ID: MSV-5933.

CVE-2026-20411 [HIGH] CWE-416 CVE-2026-20411: In cameraisp, there is a possible escalation of privilege due to use after free. This could lead to In cameraisp, there is a possible escalation of privilege due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5737.

CVE-2026-20403 [MEDIUM] CWE-787 CVE-2026-20403: In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689254 (Note: For N15 and NR16) / MOLY01689259

CVE-2026-20417 [MEDIUM] CWE-787 CVE-2026-20417: In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to l In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10314946 / ALPS10340155; Issue ID: MSV-5154.

CVE-2026-20402 [MEDIUM] CWE-787 CVE-2026-20402: In Modem, there is a possible system crash due to improper input validation. This could lead to remo In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00693083; Issue ID: MSV-5928.

CVE-2026-20406 [MEDIUM] CWE-770 CVE-2026-20406: In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote d In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01726634; Issue ID: MSV-5728.

CVE-2026-20414 [MEDIUM] CWE-416 CVE-2026-20414: In imgsys, there is a possible escalation of privilege due to use after free. This could lead to loc In imgsys, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362999; Issue ID: MSV-5625.

CVE-2026-20419 [MEDIUM] CWE-754 CVE-2026-20419: In wlan AP/STA firmware, there is a possible system becoming irresponsive due to an uncaught excepti In wlan AP/STA firmware, there is a possible system becoming irresponsive due to an uncaught exception. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461663 / WCNCR00463309; Issue ID: MSV-4852.

CVE-2026-20421 [MEDIUM] CWE-125 CVE-2026-20421: In Modem, there is a possible system crash due to improper input validation. This could lead to remo In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738293; Issue ID: MSV-5922.

CVE-2026-20415 [MEDIUM] CWE-415 CVE-2026-20415: In imgsys, there is a possible memory corruption due to improper locking. This could lead to local d In imgsys, there is a possible memory corruption due to improper locking. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10363254; Issue ID: MSV-5617.