{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20424", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "state": "PUBLISHED", "assignerShortName": "MediaTek", "dateReserved": "2025-11-03T01:30:59.010Z", "datePublished": "2026-03-02T08:39:31.764Z", "dateUpdated": "2026-03-30T13:06:09.623Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", "dateUpdated": "2026-03-30T13:06:09.623Z"}, "descriptions": [{"lang": "en", "value": "In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5540."}], "affected": [{"vendor": "MediaTek, Inc.", "product": "MediaTek chipset", "defaultStatus": "unaffected", "versions": [{"version": "MT6991", "status": "affected"}, {"version": "MT6993", "status": "affected"}, {"version": "MT8196", "status": "affected"}, {"version": "MT8678", "status": "affected"}, {"version": "MT8793", "status": "affected"}]}], "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/March-2026"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-02T13:57:31.584904Z", "id": "CVE-2026-20424", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T13:57:35.180Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-20424", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-02T13:57:31.584904Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T13:57:27.242Z"}}], "cna": {"affected": [{"vendor": "MediaTek, Inc.", "product": "MediaTek chipset", "versions": [{"status": "affected", "version": "MT6991"}, {"status": "affected", "version": "MT6993"}, {"status": "affected", "version": "MT8196"}, {"status": "affected", "version": "MT8678"}, {"status": "affected", "version": "MT8793"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/March-2026"}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5540."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", "dateUpdated": "2026-03-30T13:06:09.623Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20424", "state": "PUBLISHED", "dateUpdated": "2026-03-30T13:06:09.623Z", "dateReserved": "2025-11-03T01:30:59.010Z", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "datePublished": "2026-03-02T08:39:31.764Z", "assignerShortName": "MediaTek"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "8538774C-906D-4B03-A3E7-FA7A55E0DA9E", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*", "matchCriteriaId": "02882AB1-7993-47DD-84A0-8DF4272D85ED", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6991:-:*:*:*:*:*:*:*", "matchCriteriaId": "CBBB30DF-E963-4940-B742-F6801F68C3FC", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6993:-:*:*:*:*:*:*:*", "matchCriteriaId": "57E92BE0-5E65-4770-8E1A-0E5D07A38164", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8196:-:*:*:*:*:*:*:*", "matchCriteriaId": "FB0C4D80-28BC-4C4D-B522-AD9EC5222A2E", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", "matchCriteriaId": "152A5F3D-8004-4649-BDB1-E6F0798AF1CB", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8793:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FBD3487-F8CE-406C-8BD7-DD57FF8CD60B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5540."}], "id": "CVE-2026-20424", "lastModified": "2026-03-03T13:11:04.677", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-02T09:16:15.493", "references": [{"source": "security@mediatek.com", "tags": ["Vendor Advisory"], "url": "https://corp.mediatek.com/product-security-bulletin/March-2026"}], "sourceIdentifier": "security@mediatek.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "security@mediatek.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "Android 15.0, 16.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "MT6991, MT6993, MT8196, MT8678, MT8793", "source": "cna", "vendor": "MediaTek, Inc."}, "product": "mt6991", "vendor": "mediatek"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "Android 15.0, 16.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "MT6991, MT6993, MT8196, MT8678, MT8793", "source": "cna", "vendor": "MediaTek, Inc."}, "product": "mt6993", "vendor": "mediatek"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "Android 15.0, 16.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "MT6991, MT6993, MT8196, MT8678, MT8793", "source": "cna", "vendor": "MediaTek, Inc."}, "product": "mt8196", "vendor": "mediatek"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "Android 15.0, 16.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "MT6991, MT6993, MT8196, MT8678, MT8793", "source": "cna", "vendor": "MediaTek, Inc."}, "product": "mt8678", "vendor": "mediatek"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "Android 15.0, 16.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "MT6991, MT6993, MT8196, MT8678, MT8793", "source": "cna", "vendor": "MediaTek, Inc."}, "product": "mt8793", "vendor": "mediatek"}], "analysis": {"en": {"generated_at": "2026-04-16T14:35:50.220153+00:00", "value": {"mitigation_remediation": ["Apply the MediaTek patch ALPS10320471 to all affected chipsets.", "Update the Android operating system to the latest patch level that includes the chipset fix.", "If no patch is available, ensure firmware and drivers are upgraded to the vendor\u2011supplied secure versions."], "summary": {"action": "Patch", "impact": "Local Information Disclosure"}, "threat_synthesis": {"affected_systems": "The issue affects several MediaTek series chipsets, including MT6991, MT6993, MT8196, MT8678, and MT8793. Devices running Android 15.0 and Android 16.0 that incorporate these chipsets are also impacted. The vendor has released a patch identified as ALPS10320471 to address the flaw.", "description_and_impact": "A missing bounds check in the display component of certain MediaTek chipsets allows an out\u2011of\u2011bounds read that can reveal sensitive data on the device. The vulnerability is an Out\u2011of\u2011Bounds Read (CWE\u2011125) where an attacker with system\u2011level privileges can obtain memory contents that the software normally protects.", "risk_and_exploitability": "The CVSS base score of 4.4 rates the severity as moderate, and the EPSS score is below 1%, indicating very low current exploitation likelihood. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires local system privileges and does not need user interaction, so the risk is confined to privileged attackers within the device."}}}}, "created": "2026-03-03T08:45:37.112362+00:00", "title": "Out\u2011of\u2011Bounds Read Leading to Local Information Disclosure on MediaTek Chipsets", "updated": "2026-04-16T14:45:25.937194+00:00", "vendors": ["mediatek", "mediatek$PRODUCT$mt6991", "mediatek$PRODUCT$mt6993", "mediatek$PRODUCT$mt8196", "mediatek$PRODUCT$mt8678", "mediatek$PRODUCT$mt8793"]}