9.8
CVE-2026-20418 - Out‑of‑Bounds Write in MediaTek Thread Leading to Remote Privilege Escalation
In Thread, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00465153; Issue ID: MSV-4927.
5.3
CVE-2026-20417 - PCIe Out‑of‑Bounds Write Allowing Local Escalation of Privilege on MediaTek SoCs
In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10314946 / ALPS10340155; Issue ID: MSV-5154.
5.5
CVE-2026-20415 -
In imgsys, there is a possible memory corruption due to improper locking. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10363254; Issue ID: MSV-5617.
6.7
CVE-2026-20414 - MediaTek imgSys Use‑After‑Free Allows Local Privilege Escalation
In imgsys, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362999; Issue ID: MSV-5625.
6.7
CVE-2026-20413 - Local Privilege Escalation via Out‑Of‑Bounds Write in MediaTek imgsys Component
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362725; Issue ID: MSV-5694.
7.8
CVE-2026-20412 - Out‑of‑Bounds Write in MediaTek Camera Service Enables Local Privilege Escalation
In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5733.
7.8
CVE-2026-20411 - Use‑After‑Free in Cameraisp Causes Local Denial of Service on MediaTek Chipsets
In cameraisp, there is a possible escalation of privilege due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5737.
6.7
CVE-2026-20410 - Out-of-Bounds Write in MediaTek Chipset ImgSys Enables Local Privilege Escalation
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362552; Issue ID: MSV-5760.
7.8
CVE-2026-20409 - Out‑of‑Bounds Write Vulnerability in MediaTek Imgsys Leading to Local Privilege Escalation
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10363246; Issue ID: MSV-5779.
8.8
CVE-2026-20408 - Remote WLAN Heap Buffer Overflow in MediaTek Chipsets
In wlan, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461651; Issue ID: MSV-4758.