CVE-2026-20412

Summary

In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5733.

Affected Software

VendorProductVersion RangeStatus
MediaTek, Inc.MediaTek chipsetMT6878affected
MediaTek, Inc.MediaTek chipsetMT6879affected
MediaTek, Inc.MediaTek chipsetMT6881affected
MediaTek, Inc.MediaTek chipsetMT6886affected
MediaTek, Inc.MediaTek chipsetMT6895affected
MediaTek, Inc.MediaTek chipsetMT6897affected
MediaTek, Inc.MediaTek chipsetMT6899affected
MediaTek, Inc.MediaTek chipsetMT6983affected
MediaTek, Inc.MediaTek chipsetMT6985affected
MediaTek, Inc.MediaTek chipsetMT6989affected
MediaTek, Inc.MediaTek chipsetMT6991affected
MediaTek, Inc.MediaTek chipsetMT6993affected
MediaTek, Inc.MediaTek chipsetMT8168affected
MediaTek, Inc.MediaTek chipsetMT8188affected
MediaTek, Inc.MediaTek chipsetMT8195affected
MediaTek, Inc.MediaTek chipsetMT8365affected
MediaTek, Inc.MediaTek chipsetMT8390affected
MediaTek, Inc.MediaTek chipsetMT8395affected
MediaTek, Inc.MediaTek chipsetMT8666affected
MediaTek, Inc.MediaTek chipsetMT8667affected
MediaTek, Inc.MediaTek chipsetMT8673affected
MediaTek, Inc.MediaTek chipsetMT8676affected
MediaTek, Inc.MediaTek chipsetMT8696affected
MediaTek, Inc.MediaTek chipsetMT8793affected

Weaknesses

  • CWE-787: CWE-787 Out-of-bounds Write

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References