6.7
CVE-2026-20414 - MediaTek imgSys Use‑After‑Free Allows Local Privilege Escalation
In imgsys, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362999; Issue ID: MSV-5625.
6.7
CVE-2026-20413 - Local Privilege Escalation via Out‑Of‑Bounds Write in MediaTek imgsys Component
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362725; Issue ID: MSV-5694.
7.8
CVE-2026-20412 - Out‑of‑Bounds Write in MediaTek Camera Service Enables Local Privilege Escalation
In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5733.
7.8
CVE-2026-20411 - Use‑After‑Free in Cameraisp Causes Local Denial of Service on MediaTek Chipsets
In cameraisp, there is a possible escalation of privilege due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5737.
6.7
CVE-2026-20410 - Out-of-Bounds Write in MediaTek Chipset ImgSys Enables Local Privilege Escalation
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362552; Issue ID: MSV-5760.
7.8
CVE-2026-20409 - Out‑of‑Bounds Write Vulnerability in MediaTek Imgsys Leading to Local Privilege Escalation
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10363246; Issue ID: MSV-5779.
8.8
CVE-2026-20408 - Remote WLAN Heap Buffer Overflow in MediaTek Chipsets
In wlan, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461651; Issue ID: MSV-4758.
9.3
CVE-2026-20407 - WLAN STA Driver Local Privilege Escalation via Missing Bounds Check
In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00464377; Issue ID: MSV-4905.
6.5
CVE-2026-20406 - Uncaught Exception in Modem Firmware Enables Remote Denial of Service
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: …
6.5
CVE-2026-20405 - Missing Bounds Check in MediaTek Modem Causes Remote Denial‑of‑Service
In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID:…