{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20437", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "state": "PUBLISHED", "assignerShortName": "MediaTek", "dateReserved": "2025-11-03T01:30:59.012Z", "datePublished": "2026-03-02T08:39:16.000Z", "dateUpdated": "2026-03-30T13:05:43.901Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", "dateUpdated": "2026-03-30T13:05:43.901Z"}, "descriptions": [{"lang": "en", "value": "In MAE, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431940; Issue ID: MSV-5843."}], "affected": [{"vendor": "MediaTek, Inc.", "product": "MediaTek chipset", "defaultStatus": "unaffected", "versions": [{"version": "MT2718", "status": "affected"}, {"version": "MT6899", "status": "affected"}, {"version": "MT6991", "status": "affected"}, {"version": "MT8678", "status": "affected"}, {"version": "MT8793", "status": "affected"}]}], "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/March-2026"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-02T13:53:12.127653Z", "id": "CVE-2026-20437", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T13:53:16.003Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-20437", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-02T13:53:12.127653Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T13:53:07.110Z"}}], "cna": {"affected": [{"vendor": "MediaTek, Inc.", "product": "MediaTek chipset", "versions": [{"status": "affected", "version": "MT2718"}, {"status": "affected", "version": "MT6899"}, {"status": "affected", "version": "MT6991"}, {"status": "affected", "version": "MT8678"}, {"status": "affected", "version": "MT8793"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/March-2026"}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "In MAE, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431940; Issue ID: MSV-5843."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", "dateUpdated": "2026-03-30T13:05:43.901Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20437", "state": "PUBLISHED", "dateUpdated": "2026-03-30T13:05:43.901Z", "dateReserved": "2025-11-03T01:30:59.012Z", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "datePublished": "2026-03-02T08:39:16.000Z", "assignerShortName": "MediaTek"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "8538774C-906D-4B03-A3E7-FA7A55E0DA9E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt2718:-:*:*:*:*:*:*:*", "matchCriteriaId": "F5506327-7DDF-4E88-9EA8-10B8E32F848B", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6899:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6E9F80F-9AC9-41E0-BB14-9DB6F14B62CD", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6991:-:*:*:*:*:*:*:*", "matchCriteriaId": "CBBB30DF-E963-4940-B742-F6801F68C3FC", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", "matchCriteriaId": "152A5F3D-8004-4649-BDB1-E6F0798AF1CB", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8793:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FBD3487-F8CE-406C-8BD7-DD57FF8CD60B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In MAE, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431940; Issue ID: MSV-5843."}], "id": "CVE-2026-20437", "lastModified": "2026-03-03T12:48:58.610", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-02T09:16:16.880", "references": [{"source": "security@mediatek.com", "tags": ["Vendor Advisory"], "url": "https://corp.mediatek.com/product-security-bulletin/March-2026"}], "sourceIdentifier": "security@mediatek.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "security@mediatek.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "Android 15.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "MT2718, MT6899, MT6991, MT8678, MT8793", "source": "cna", "vendor": "MediaTek, Inc."}, "product": "mt2718", "vendor": "mediatek"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "Android 15.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "MT2718, MT6899, MT6991, MT8678, MT8793", "source": "cna", "vendor": "MediaTek, Inc."}, "product": "mt6899", "vendor": "mediatek"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "Android 15.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "MT2718, MT6899, MT6991, MT8678, MT8793", "source": "cna", "vendor": "MediaTek, Inc."}, "product": "mt6991", "vendor": "mediatek"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "Android 15.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "MT2718, MT6899, MT6991, MT8678, MT8793", "source": "cna", "vendor": "MediaTek, Inc."}, "product": "mt8678", "vendor": "mediatek"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "Android 15.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "MT2718, MT6899, MT6991, MT8678, MT8793", "source": "cna", "vendor": "MediaTek, Inc."}, "product": "mt8793", "vendor": "mediatek"}], "analysis": {"en": {"generated_at": "2026-04-16T05:54:03.742150+00:00", "value": {"mitigation_remediation": ["Apply the MediaTek firmware update identified by patch ID ALPS10431940 to all affected devices.", "If the patch is not feasible immediately, schedule a firmware upgrade as soon as the patched image is available.", "Validate firmware integrity by checking cryptographic signatures before installation to prevent rollback or tampered images."], "summary": {"action": "Patch Update", "impact": "Local Denial of Service"}, "threat_synthesis": {"affected_systems": "MediaTek chipsets MT2718, MT6899, MT6991, MT8678, MT8793 and devices running Android 15.0 that incorporate the MAE component are affected. All firmware on those platforms must be checked for the presence of the flaw.", "description_and_impact": "A use\u2011after\u2011free flaw in MediaTek\u2019s MAE component can trigger a system crash, which manifests as a local denial of service. The vulnerability requires that the attacking process already have system privilege to trigger the fault, and no user interaction is needed for exploitation. The crash does not expose data, but it can temporarily disrupt device operation.", "risk_and_exploitability": "The CVSS score of 4.4 indicates moderate severity, while the EPSS score of less than 1% suggests that the likelihood of exploitation is very low. The vulnerability is not listed in the CISA KEV catalog. Exploitation is only feasible when an attacker already has system privilege on the device, which limits the scope to local or privileged contexts. Consequently, the overall risk remains low, but the flaw can still be used to crash the device for a short interruption of service."}}}}, "created": "2026-03-03T08:45:45.888133+00:00", "title": "Potential Use-After-Free Leading to Local Denial of Service in MediaTek MAE", "updated": "2026-04-16T06:00:10.148595+00:00", "vendors": ["mediatek", "mediatek$PRODUCT$mt2718", "mediatek$PRODUCT$mt6899", "mediatek$PRODUCT$mt6991", "mediatek$PRODUCT$mt8678", "mediatek$PRODUCT$mt8793"]}