CVE-2026-20451

Summary

In slbc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10828685; Issue ID: MSV-6504.

Affected Software

VendorProductVersion RangeStatus
MediaTek, Inc.MediaTek chipsetMT2718affected
MediaTek, Inc.MediaTek chipsetMT6899affected
MediaTek, Inc.MediaTek chipsetMT6985affected
MediaTek, Inc.MediaTek chipsetMT6989affected
MediaTek, Inc.MediaTek chipsetMT6991affected
MediaTek, Inc.MediaTek chipsetMT8115affected
MediaTek, Inc.MediaTek chipsetMT8186affected
MediaTek, Inc.MediaTek chipsetMT8188affected
MediaTek, Inc.MediaTek chipsetMT8196affected
MediaTek, Inc.MediaTek chipsetMT8365affected
MediaTek, Inc.MediaTek chipsetMT8367affected
MediaTek, Inc.MediaTek chipsetMT8370affected
MediaTek, Inc.MediaTek chipsetMT8371affected
MediaTek, Inc.MediaTek chipsetMT8390affected
MediaTek, Inc.MediaTek chipsetMT8391affected
MediaTek, Inc.MediaTek chipsetMT8395affected
MediaTek, Inc.MediaTek chipsetMT8676affected
MediaTek, Inc.MediaTek chipsetMT8678affected
MediaTek, Inc.MediaTek chipsetMT8766affected
MediaTek, Inc.MediaTek chipsetMT8768affected
MediaTek, Inc.MediaTek chipsetMT8775affected
MediaTek, Inc.MediaTek chipsetMT8781affected
MediaTek, Inc.MediaTek chipsetMT8786affected
MediaTek, Inc.MediaTek chipsetMT8788Eaffected
MediaTek, Inc.MediaTek chipsetMT8791Taffected
MediaTek, Inc.MediaTek chipsetMT8792affected
MediaTek, Inc.MediaTek chipsetMT8793affected
MediaTek, Inc.MediaTek chipsetMT8796affected
MediaTek, Inc.MediaTek chipsetMT8873affected
MediaTek, Inc.MediaTek chipsetMT8883affected
MediaTek, Inc.MediaTek chipsetMT8893affected
MediaTek, Inc.MediaTek chipsetMT8910affected

Weaknesses

  • CWE-843: CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References