CVE-2026-20462

Summary

In Telephony, there is a possible memory corruption due to a heap buffer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS11006447; Issue ID: MSV-7871.

Affected Software

VendorProductVersion RangeStatus
MediaTek, Inc.MediaTek chipsetMT6739affected
MediaTek, Inc.MediaTek chipsetMT6761affected
MediaTek, Inc.MediaTek chipsetMT6765affected
MediaTek, Inc.MediaTek chipsetMT6768affected
MediaTek, Inc.MediaTek chipsetMT6781affected
MediaTek, Inc.MediaTek chipsetMT6789affected
MediaTek, Inc.MediaTek chipsetMT6833affected
MediaTek, Inc.MediaTek chipsetMT6853affected
MediaTek, Inc.MediaTek chipsetMT6855affected
MediaTek, Inc.MediaTek chipsetMT6877affected
MediaTek, Inc.MediaTek chipsetMT6883affected
MediaTek, Inc.MediaTek chipsetMT6885affected
MediaTek, Inc.MediaTek chipsetMT6889affected
MediaTek, Inc.MediaTek chipsetMT6893affected
MediaTek, Inc.MediaTek chipsetMT8695affected
MediaTek, Inc.MediaTek chipsetMT8696affected
MediaTek, Inc.MediaTek chipsetMT8765affected
MediaTek, Inc.MediaTek chipsetMT8766affected
MediaTek, Inc.MediaTek chipsetMT8766Raffected
MediaTek, Inc.MediaTek chipsetMT8768affected
MediaTek, Inc.MediaTek chipsetMT8781affected
MediaTek, Inc.MediaTek chipsetMT8791affected

Weaknesses

  • CWE-122: CWE-122 Heap Overflow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References