CVE-2026-20458

Summary

In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01402160; Issue ID: MSV-7298.

Affected Software

VendorProductVersion RangeStatus
MediaTek, Inc.MediaTek chipsetMT2716affected
MediaTek, Inc.MediaTek chipsetMT2737affected
MediaTek, Inc.MediaTek chipsetMT6739affected
MediaTek, Inc.MediaTek chipsetMT6761affected
MediaTek, Inc.MediaTek chipsetMT6762affected
MediaTek, Inc.MediaTek chipsetMT6763affected
MediaTek, Inc.MediaTek chipsetMT6765affected
MediaTek, Inc.MediaTek chipsetMT6767affected
MediaTek, Inc.MediaTek chipsetMT6768affected
MediaTek, Inc.MediaTek chipsetMT6769affected
MediaTek, Inc.MediaTek chipsetMT6771affected
MediaTek, Inc.MediaTek chipsetMT6779affected
MediaTek, Inc.MediaTek chipsetMT6781affected
MediaTek, Inc.MediaTek chipsetMT6783affected
MediaTek, Inc.MediaTek chipsetMT6785affected
MediaTek, Inc.MediaTek chipsetMT6789affected
MediaTek, Inc.MediaTek chipsetMT6813affected
MediaTek, Inc.MediaTek chipsetMT6835affected
MediaTek, Inc.MediaTek chipsetMT6858affected
MediaTek, Inc.MediaTek chipsetMT6878affected
MediaTek, Inc.MediaTek chipsetMT6879affected
MediaTek, Inc.MediaTek chipsetMT6881affected
MediaTek, Inc.MediaTek chipsetMT6886affected
MediaTek, Inc.MediaTek chipsetMT6895affected
MediaTek, Inc.MediaTek chipsetMT6896affected
MediaTek, Inc.MediaTek chipsetMT6897affected
MediaTek, Inc.MediaTek chipsetMT6899affected
MediaTek, Inc.MediaTek chipsetMT6980affected
MediaTek, Inc.MediaTek chipsetMT6982affected
MediaTek, Inc.MediaTek chipsetMT6983affected
MediaTek, Inc.MediaTek chipsetMT6985affected
MediaTek, Inc.MediaTek chipsetMT6986affected
MediaTek, Inc.MediaTek chipsetMT6986Daffected
MediaTek, Inc.MediaTek chipsetMT6988affected
MediaTek, Inc.MediaTek chipsetMT6989affected
MediaTek, Inc.MediaTek chipsetMT6990affected
MediaTek, Inc.MediaTek chipsetMT6991affected
MediaTek, Inc.MediaTek chipsetMT6993affected
MediaTek, Inc.MediaTek chipsetMT8666affected
MediaTek, Inc.MediaTek chipsetMT8667affected
MediaTek, Inc.MediaTek chipsetMT8668affected
MediaTek, Inc.MediaTek chipsetMT8673affected
MediaTek, Inc.MediaTek chipsetMT8676affected
MediaTek, Inc.MediaTek chipsetMT8678affected
MediaTek, Inc.MediaTek chipsetMT8755affected
MediaTek, Inc.MediaTek chipsetMT8765affected
MediaTek, Inc.MediaTek chipsetMT8766affected
MediaTek, Inc.MediaTek chipsetMT8766Raffected
MediaTek, Inc.MediaTek chipsetMT8768affected
MediaTek, Inc.MediaTek chipsetMT8775affected
MediaTek, Inc.MediaTek chipsetMT8781affected
MediaTek, Inc.MediaTek chipsetMT8786affected
MediaTek, Inc.MediaTek chipsetMT8788affected
MediaTek, Inc.MediaTek chipsetMT8788Eaffected
MediaTek, Inc.MediaTek chipsetMT8789affected
MediaTek, Inc.MediaTek chipsetMT8792affected
MediaTek, Inc.MediaTek chipsetMT8793affected
MediaTek, Inc.MediaTek chipsetMT8795Taffected
MediaTek, Inc.MediaTek chipsetMT8796affected
MediaTek, Inc.MediaTek chipsetMT8798affected
MediaTek, Inc.MediaTek chipsetMT8863affected
MediaTek, Inc.MediaTek chipsetMT8873affected
MediaTek, Inc.MediaTek chipsetMT8883affected
MediaTek, Inc.MediaTek chipsetMT8893affected

Weaknesses

  • CWE-787: CWE-787 Out-of-bounds Write

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References