CVE-2026-20438

Summary

In MAE, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431920; Issue ID: MSV-5835.

Affected Software

VendorProductVersion RangeStatus
MediaTek, Inc.MediaTek chipsetMT2718affected
MediaTek, Inc.MediaTek chipsetMT6899affected
MediaTek, Inc.MediaTek chipsetMT6991affected
MediaTek, Inc.MediaTek chipsetMT8168affected
MediaTek, Inc.MediaTek chipsetMT8169affected
MediaTek, Inc.MediaTek chipsetMT8186affected
MediaTek, Inc.MediaTek chipsetMT8188affected
MediaTek, Inc.MediaTek chipsetMT8678affected
MediaTek, Inc.MediaTek chipsetMT8695affected
MediaTek, Inc.MediaTek chipsetMT8696affected
MediaTek, Inc.MediaTek chipsetMT8793affected

Weaknesses

  • CWE-367: CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References