CVE-2026-20431

Summary

In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01106496; Issue ID: MSV-4467.

Affected Software

VendorProductVersion RangeStatus
MediaTek, Inc.MediaTek chipsetMT6813affected
MediaTek, Inc.MediaTek chipsetMT6815affected
MediaTek, Inc.MediaTek chipsetMT6835affected
MediaTek, Inc.MediaTek chipsetMT6878affected
MediaTek, Inc.MediaTek chipsetMT6897affected
MediaTek, Inc.MediaTek chipsetMT6899affected
MediaTek, Inc.MediaTek chipsetMT6986affected
MediaTek, Inc.MediaTek chipsetMT6991affected
MediaTek, Inc.MediaTek chipsetMT6993affected
MediaTek, Inc.MediaTek chipsetMT8668affected
MediaTek, Inc.MediaTek chipsetMT8676affected
MediaTek, Inc.MediaTek chipsetMT8678affected
MediaTek, Inc.MediaTek chipsetMT8755affected
MediaTek, Inc.MediaTek chipsetMT8775affected
MediaTek, Inc.MediaTek chipsetMT8792affected
MediaTek, Inc.MediaTek chipsetMT8793affected
MediaTek, Inc.MediaTek chipsetMT8863affected
MediaTek, Inc.MediaTek chipsetMT8873affected
MediaTek, Inc.MediaTek chipsetMT8883affected

Weaknesses

  • CWE-770: CWE-770 Allocation of Resources Without Limits or Throttling

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References