CVE-2026-20447

Summary

In geniezone, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10724073; Issue ID: MSV-6296.

Affected Software

VendorProductVersion RangeStatus
MediaTek, Inc.MediaTek chipsetMT6768affected
MediaTek, Inc.MediaTek chipsetMT6789affected
MediaTek, Inc.MediaTek chipsetMT6877affected
MediaTek, Inc.MediaTek chipsetMT6899affected
MediaTek, Inc.MediaTek chipsetMT6989affected
MediaTek, Inc.MediaTek chipsetMT6991affected
MediaTek, Inc.MediaTek chipsetMT6993affected
MediaTek, Inc.MediaTek chipsetMT8196affected
MediaTek, Inc.MediaTek chipsetMT8367affected
MediaTek, Inc.MediaTek chipsetMT8766affected
MediaTek, Inc.MediaTek chipsetMT8768affected
MediaTek, Inc.MediaTek chipsetMT8781affected
MediaTek, Inc.MediaTek chipsetMT8786affected
MediaTek, Inc.MediaTek chipsetMT8788Eaffected
MediaTek, Inc.MediaTek chipsetMT8791Taffected
MediaTek, Inc.MediaTek chipsetMT8793affected
MediaTek, Inc.MediaTek chipsetMT8910affected

Weaknesses

  • CWE-125: CWE-125 Out-of-bounds Read

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References