{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20439", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "state": "PUBLISHED", "assignerShortName": "MediaTek", "dateReserved": "2025-11-03T01:30:59.012Z", "datePublished": "2026-03-02T08:39:19.895Z", "dateUpdated": "2026-03-30T13:05:49.815Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", "dateUpdated": "2026-03-30T13:05:49.815Z"}, "descriptions": [{"lang": "en", "value": "In imgsys, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431955; Issue ID: MSV-5826."}], "affected": [{"vendor": "MediaTek, Inc.", "product": "MediaTek chipset", "defaultStatus": "unaffected", "versions": [{"version": "MT2718", "status": "affected"}, {"version": "MT6899", "status": "affected"}, {"version": "MT6991", "status": "affected"}, {"version": "MT8678", "status": "affected"}, {"version": "MT8793", "status": "affected"}]}], "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/March-2026"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-02T13:56:59.855391Z", "id": "CVE-2026-20439", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T13:57:05.208Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-20439", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-02T13:56:59.855391Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T13:56:52.284Z"}}], "cna": {"affected": [{"vendor": "MediaTek, Inc.", "product": "MediaTek chipset", "versions": [{"status": "affected", "version": "MT2718"}, {"status": "affected", "version": "MT6899"}, {"status": "affected", "version": "MT6991"}, {"status": "affected", "version": "MT8678"}, {"status": "affected", "version": "MT8793"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/March-2026"}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "In imgsys, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431955; Issue ID: MSV-5826."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", "dateUpdated": "2026-03-30T13:05:49.815Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20439", "state": "PUBLISHED", "dateUpdated": "2026-03-30T13:05:49.815Z", "dateReserved": "2025-11-03T01:30:59.012Z", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "datePublished": "2026-03-02T08:39:19.895Z", "assignerShortName": "MediaTek"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "8538774C-906D-4B03-A3E7-FA7A55E0DA9E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt2718:-:*:*:*:*:*:*:*", "matchCriteriaId": "F5506327-7DDF-4E88-9EA8-10B8E32F848B", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6899:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6E9F80F-9AC9-41E0-BB14-9DB6F14B62CD", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt6991:-:*:*:*:*:*:*:*", "matchCriteriaId": "CBBB30DF-E963-4940-B742-F6801F68C3FC", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", "matchCriteriaId": "152A5F3D-8004-4649-BDB1-E6F0798AF1CB", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt8793:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FBD3487-F8CE-406C-8BD7-DD57FF8CD60B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In imgsys, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431955; Issue ID: MSV-5826."}], "id": "CVE-2026-20439", "lastModified": "2026-03-03T12:47:36.477", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-02T09:16:17.170", "references": [{"source": "security@mediatek.com", "tags": ["Vendor Advisory"], "url": "https://corp.mediatek.com/product-security-bulletin/March-2026"}], "sourceIdentifier": "security@mediatek.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "security@mediatek.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "Android 15.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "MT2718, MT6899, MT6991, MT8678, MT8793", "source": "cna", "vendor": "MediaTek, Inc."}, "product": "mt2718", "vendor": "mediatek"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "Android 15.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "MT2718, MT6899, MT6991, MT8678, MT8793", "source": "cna", "vendor": "MediaTek, Inc."}, "product": "mt6899", "vendor": "mediatek"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "Android 15.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "MT2718, MT6899, MT6991, MT8678, MT8793", "source": "cna", "vendor": "MediaTek, Inc."}, "product": "mt6991", "vendor": "mediatek"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "Android 15.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "MT2718, MT6899, MT6991, MT8678, MT8793", "source": "cna", "vendor": "MediaTek, Inc."}, "product": "mt8678", "vendor": "mediatek"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "Android 15.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "MT2718, MT6899, MT6991, MT8678, MT8793", "source": "cna", "vendor": "MediaTek, Inc."}, "product": "mt8793", "vendor": "mediatek"}], "analysis": {"en": {"generated_at": "2026-04-16T05:53:14.196126+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2011supplied patch identified as ALPS10431955.", "Configure the device so that no untrusted applications can acquire System privilege, thereby limiting the attacker\u2019s ability to reach the vulnerable component.", "If a timely patch is not available, reboot the device after a crash and consider disabling or restricting imgsys\u2011related services to prevent further instability."], "summary": {"action": "Patch Now", "impact": "Local Denial of Service"}, "threat_synthesis": {"affected_systems": "Affected products include MediaTek chipsets MT2718, MT6899, MT6991, MT8678, and MT8793, which appear in a variety of devices running Google Android 15.0. The CVE entry does not specify any particular firmware or software revision numbers, so any device using the aforementioned chipsets and operating system is potentially vulnerable.", "description_and_impact": "The vulnerability resides in the MediaTek imgsys component where a use after free condition can cause a system crash. An attacker with System level privileges can trigger this flaw, resulting in a local denial of service on the affected device. The problem is a classic memory misuse leading to instability rather than information disclosure or code execution.", "risk_and_exploitability": "The CVSS score of 4.4 indicates moderate severity, while an EPSS score of less than 1% suggests exploitation is unlikely under normal conditions. The vulnerability is not listed in the CISA KEV catalog. Exfiltration is not necessary; an attacker must already have System privilege to affect the process, so the attack vector is local and requires elevated privileges. A malicious actor could repeatedly trigger crashes to disrupt device operation, but remote exploitation is not possible without local access."}}}}, "created": "2026-03-03T08:45:42.988985+00:00", "title": "Use\u2011After\u2011Free Leading to Local Denial of Service in MediaTek img\u00a0sys", "updated": "2026-04-16T06:00:10.145166+00:00", "vendors": ["mediatek", "mediatek$PRODUCT$mt2718", "mediatek$PRODUCT$mt6899", "mediatek$PRODUCT$mt6991", "mediatek$PRODUCT$mt8678", "mediatek$PRODUCT$mt8793"], "weaknesses": ["CWE-416"]}