Description
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10363246; Issue ID: MSV-5779.
Published: 2026-02-02
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Apply Patch
AI Analysis

Impact

A missing bounds check in MediaTek’s imgsys component can cause an out‑of‑bounds write. The flaw can be exploited by an attacker who already has System privileges, allowing the attacker to write data beyond the intended memory region and thus elevate privileges locally. No user interaction is required for the exploit. The weakness corresponds to CWE‑787: Out‑of‑Bounds Write.

Affected Systems

The vulnerability affects MediaTek chipset products, specifically MT6897 and MT6989 series. It also impacts devices running Android 15.0 that use these chipsets, as identified in the CPE entries.

Risk and Exploitability

With a CVSS score of 7.8, the vulnerability is rated High severity. The EPSS score of less than 1% indicates a low probability of exploitation at the time of analysis. The vulnerability is not listed in CISA’s KEV catalog. Exploitation requires local access to a system with System privileges; once that prerequisite is met, the attacker can trigger the out‑of‑bounds write without further user interaction.

Generated by OpenCVE AI on April 16, 2026 at 07:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s fix identified as ALPS10363246 to update the imgsys driver and add the missing bounds check.
  • Ensure the device firmware is updated to the latest MediaTek chipset release that incorporates the patch.
  • Verify that no custom or legacy images invoke the imgsys component with elevated privileges, and enforce least‑privilege policies to limit System access.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 07:30:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Write Vulnerability in MediaTek Imgsys Leading to Local Privilege Escalation

Wed, 04 Feb 2026 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Mediatek mt6989
CPEs cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
Vendors & Products Google
Google android
Mediatek mt6989

Wed, 04 Feb 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Mediatek
Mediatek mt6897
Mediatk
Mediatk mt6989
Vendors & Products Mediatek
Mediatek mt6897
Mediatk
Mediatk mt6989

Mon, 02 Feb 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 02 Feb 2026 08:30:00 +0000

Type Values Removed Values Added
Description In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10363246; Issue ID: MSV-5779.
Weaknesses CWE-787
References

MITRE

Status: PUBLISHED

Assigner: MediaTek

Published:

Updated: 2026-03-30T13:03:00.763Z

Reserved: 2025-11-03T01:30:59.008Z

Link: CVE-2026-20409

Vulnrichment

Updated: 2026-02-02T20:54:12.241Z

NVD

Status: Analyzed

Published: 2026-02-02T09:15:55.790

Modified: 2026-02-04T13:47:37.867

Link: CVE-2026-20409

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T07:15:28Z

Weaknesses