CVE-2026-20402

Summary

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00693083; Issue ID: MSV-5928.

Affected Software

VendorProductVersion RangeStatus
MediaTek, Inc.MediaTek chipsetMT2735affected
MediaTek, Inc.MediaTek chipsetMT6833affected
MediaTek, Inc.MediaTek chipsetMT6853affected
MediaTek, Inc.MediaTek chipsetMT6855affected
MediaTek, Inc.MediaTek chipsetMT6873affected
MediaTek, Inc.MediaTek chipsetMT6875affected
MediaTek, Inc.MediaTek chipsetMT6877affected
MediaTek, Inc.MediaTek chipsetMT6880affected
MediaTek, Inc.MediaTek chipsetMT6883affected
MediaTek, Inc.MediaTek chipsetMT6885affected
MediaTek, Inc.MediaTek chipsetMT6889affected
MediaTek, Inc.MediaTek chipsetMT6890affected
MediaTek, Inc.MediaTek chipsetMT6891affected
MediaTek, Inc.MediaTek chipsetMT6893affected
MediaTek, Inc.MediaTek chipsetMT8675affected
MediaTek, Inc.MediaTek chipsetMT8771affected
MediaTek, Inc.MediaTek chipsetMT8791affected
MediaTek, Inc.MediaTek chipsetMT8791Taffected
MediaTek, Inc.MediaTek chipsetMT8797affected

Weaknesses

  • CWE-787: CWE-787 Out-of-bounds Write

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References