MediaTek 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は バッファオーバーフロー、vendor risk input validation, and パス処理の欠陥 に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で アプリケーションクラッシュ and vendor impact unexpected behavior などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-20456 | In wlan STA driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480851; Issue ID: MSV-6338. | [email protected] | 5.5 | 0.10% | 2026-06-01 | 2026-06-17 |
| CVE-2026-20455 | In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10873936; Issue ID: MSV-6784. | [email protected] | 7.8 | 0.11% | 2026-06-01 | 2026-06-17 |
| CVE-2026-20454 | In geniezone, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10873936; Issue ID: MSV-6786. | [email protected] | 6.4 | 0.08% | 2026-06-01 | 2026-06-17 |
| CVE-2026-20453 | In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10886526; Issue ID: MSV-6791. | [email protected] | 6.7 | 0.11% | 2026-06-01 | 2026-06-17 |
| CVE-2026-20452 | In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295. | [email protected] | 8.0 | 0.23% | 2026-06-01 | 2026-06-17 |
| CVE-2026-20451 | In slbc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10828685; Issue ID: MSV-6504. | [email protected] | 6.7 | 0.15% | 2026-05-04 | 2026-06-17 |
| CVE-2026-20450 | In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01753620; Issue ID: MSV-6100. | [email protected] | 6.5 | 0.29% | 2026-05-04 | 2026-06-17 |
| CVE-2026-20449 | In Modem, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01760138; Issue ID: MSV-6148. | [email protected] | 6.5 | 0.22% | 2026-05-04 | 2026-06-17 |
| CVE-2026-20448 | In geniezone, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10708513; Issue ID: MSV-6281. | [email protected] | 6.7 | 0.15% | 2026-05-04 | 2026-06-17 |
| CVE-2026-20447 | In geniezone, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10724073; Issue ID: MSV-6296. | [email protected] | 6.7 | 0.11% | 2026-05-04 | 2026-06-17 |
| CVE-2026-20446 | In sec boot, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service, if an attacker has physical access to the device, with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09963054; Issue ID: MSV-3899. | [email protected] | 4.3 | 0.19% | 2026-04-07 | 2026-06-17 |
| CVE-2026-20433 | In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01088681; Issue ID: MSV-4460. | [email protected] | 8.8 | 0.34% | 2026-04-07 | 2026-06-17 |
| CVE-2026-20432 | In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01406170; Issue ID: MSV-4461. | [email protected] | 8.0 | 0.29% | 2026-04-07 | 2026-06-17 |
| CVE-2026-20431 | In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01106496; Issue ID: MSV-4467. | [email protected] | 6.5 | 0.31% | 2026-04-07 | 2026-06-17 |
| CVE-2026-20436 | In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00473802; Issue ID: MSV-5970. | [email protected] | 6.7 | 0.12% | 2026-03-02 | 2026-06-17 |
| CVE-2026-20434 | In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY00782946; Issue ID: MSV-4135. | [email protected] | 7.5 | 0.22% | 2026-03-02 | 2026-06-17 |
| CVE-2026-20430 | In wlan AP FW, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00467553; Issue ID: MSV-5151. | [email protected] | 8.8 | 0.22% | 2026-03-02 | 2026-06-17 |
| CVE-2026-20423 | In wlan STA driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00465314; Issue ID: MSV-4956. | [email protected] | 7.8 | 0.12% | 2026-03-02 | 2026-06-17 |
| CVE-2026-20422 | In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00827332; Issue ID: MSV-5919. | [email protected] | 6.5 | 0.16% | 2026-02-02 | 2026-06-17 |
| CVE-2026-20421 | In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738293; Issue ID: MSV-5922. | [email protected] | 6.5 | 0.21% | 2026-02-02 | 2026-06-17 |