CVE-2026-20435

Summary

In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS10607099; Issue ID: MSV-6118.

Affected Software

VendorProductVersion RangeStatus
MediaTek, Inc.MediaTek chipsetMT2737affected
MediaTek, Inc.MediaTek chipsetMT6739affected
MediaTek, Inc.MediaTek chipsetMT6761affected
MediaTek, Inc.MediaTek chipsetMT6765affected
MediaTek, Inc.MediaTek chipsetMT6768affected
MediaTek, Inc.MediaTek chipsetMT6781affected
MediaTek, Inc.MediaTek chipsetMT6789affected
MediaTek, Inc.MediaTek chipsetMT6813affected
MediaTek, Inc.MediaTek chipsetMT6833affected
MediaTek, Inc.MediaTek chipsetMT6853affected
MediaTek, Inc.MediaTek chipsetMT6855affected
MediaTek, Inc.MediaTek chipsetMT6877affected
MediaTek, Inc.MediaTek chipsetMT6878affected
MediaTek, Inc.MediaTek chipsetMT6879affected
MediaTek, Inc.MediaTek chipsetMT6880affected
MediaTek, Inc.MediaTek chipsetMT6885affected
MediaTek, Inc.MediaTek chipsetMT6886affected
MediaTek, Inc.MediaTek chipsetMT6890affected
MediaTek, Inc.MediaTek chipsetMT6893affected
MediaTek, Inc.MediaTek chipsetMT6895affected
MediaTek, Inc.MediaTek chipsetMT6897affected
MediaTek, Inc.MediaTek chipsetMT6983affected
MediaTek, Inc.MediaTek chipsetMT6985affected
MediaTek, Inc.MediaTek chipsetMT6989affected
MediaTek, Inc.MediaTek chipsetMT6990affected
MediaTek, Inc.MediaTek chipsetMT6993affected
MediaTek, Inc.MediaTek chipsetMT8169affected
MediaTek, Inc.MediaTek chipsetMT8186affected
MediaTek, Inc.MediaTek chipsetMT8188affected
MediaTek, Inc.MediaTek chipsetMT8370affected
MediaTek, Inc.MediaTek chipsetMT8390affected
MediaTek, Inc.MediaTek chipsetMT8676affected
MediaTek, Inc.MediaTek chipsetMT8678affected
MediaTek, Inc.MediaTek chipsetMT8696affected
MediaTek, Inc.MediaTek chipsetMT8793affected

Weaknesses

  • CWE-522: CWE-522 Insufficiently Protected Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References