{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20410", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "state": "PUBLISHED", "assignerShortName": "MediaTek", "dateReserved": "2025-11-03T01:30:59.008Z", "datePublished": "2026-02-02T08:15:01.285Z", "dateUpdated": "2026-03-30T13:03:03.420Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", "dateUpdated": "2026-03-30T13:03:03.420Z"}, "descriptions": [{"lang": "en", "value": "In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362552; Issue ID: MSV-5760."}], "affected": [{"vendor": "MediaTek, Inc.", "product": "MediaTek chipset", "defaultStatus": "unaffected", "versions": [{"version": "MT6897", "status": "affected"}, {"version": "MT6989", "status": "affected"}, {"version": "MT8370", "status": "affected"}, {"version": "MT8390", "status": "affected"}, {"version": "MT8395", "status": "affected"}]}], "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/February-2026"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-20410", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-03T04:55:38.839595Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:04:38.808Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-20410", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-03T04:55:38.839595Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-02T13:56:28.126Z"}}], "cna": {"affected": [{"vendor": "MediaTek, Inc.", "product": "MediaTek chipset", "versions": [{"status": "affected", "version": "MT6897"}, {"status": "affected", "version": "MT6989"}, {"status": "affected", "version": "MT8370"}, {"status": "affected", "version": "MT8390"}, {"status": "affected", "version": "MT8395"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/February-2026"}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362552; Issue ID: MSV-5760."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", "dateUpdated": "2026-03-30T13:03:03.420Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20410", "state": "PUBLISHED", "dateUpdated": "2026-03-30T13:03:03.420Z", "dateReserved": "2025-11-03T01:30:59.008Z", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "datePublished": "2026-02-02T08:15:01.285Z", "assignerShortName": "MediaTek"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "8538774C-906D-4B03-A3E7-FA7A55E0DA9E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", "matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7DE6B2-66D9-4A3E-B15F-D56505559255", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*", "matchCriteriaId": "DA2B6BB9-7544-41A7-BF3A-344AA4CC4B31", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", "matchCriteriaId": "B774B7D7-B7DD-43A0-833F-7E39DF82CA60", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362552; Issue ID: MSV-5760."}, {"lang": "es", "value": "En imgsys, hay una posible escritura fuera de l\u00edmites debido a una verificaci\u00f3n de l\u00edmites faltante. Esto podr\u00eda llevar a una escalada local de privilegios si un actor malicioso ya ha obtenido el privilegio de Sistema. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n. ID del parche: ALPS10362552; ID del problema: MSV-5760."}], "id": "CVE-2026-20410", "lastModified": "2026-02-04T13:46:35.300", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-02T09:15:55.913", "references": [{"source": "security@mediatek.com", "tags": ["Vendor Advisory"], "url": "https://corp.mediatek.com/product-security-bulletin/February-2026"}], "sourceIdentifier": "security@mediatek.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "security@mediatek.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-16T17:33:34.506534+00:00", "value": {"mitigation_remediation": ["Apply the MediaTek firmware update that includes patch ALPS10362552 (Issue\u202fMSV\u20115760).", "If the device firmware cannot be updated immediately, restrict access to administrative functions that may grant system privilege and disable or remove the imgsys driver if it is not required for device operation.", "Enable device security logging to capture abnormal memory operations that may indicate exploitation of the imgsys component."], "summary": {"action": "Apply patch", "impact": "Local Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Chipsets that include the vulnerable component are MediaTek MT6897, MT6989, MT8370, MT8390 and MT8395, as well as devices running Android 15.0 that depend on these chipsets. All affected hardware runs the proprietary imgsys firmware bundled with the device\u2019s SoC.", "description_and_impact": "MediaTek\u2019s imgsys module has a missing bounds check that can cause an out-of-bounds write. An attacker who already has system privileges can overwrite adjacent memory, potentially raising privileges or causing other unintended behavior. The flaw is categorized as CWE\u2011787, indicating untrusted data leads to an arbitrary write.", "risk_and_exploitability": "The CVSS v3 score of 6.7 places the vulnerability in the high severity range. EPSS indicates an exploitation likelihood of less than 1\u202f%, and the flaw is not listed in the CISA KEV catalog. Exploitation requires local presence and system\u2011level privileges, and no user interaction is needed. Consequently, risk is moderate to high for environments where an unprivileged user can attain system privilege, such as through physical access or other compromise vectors."}}}}, "created": "2026-02-04T12:44:49.823574+00:00", "title": "Out-of-Bounds Write in MediaTek Chipset ImgSys Enables Local Privilege Escalation", "updated": "2026-04-16T17:45:27.368283+00:00", "vendors": ["mediatek", "mediatek$PRODUCT$mt6897", "mediatek$PRODUCT$mt6989", "mediatek$PRODUCT$mt8370", "mediatek$PRODUCT$mt8390", "mediatek$PRODUCT$mt8395"]}