Description
In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10315038 / ALPS10340155; Issue ID: MSV-5155.
Published: 2026-03-02
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

A missing bounds check in the PCIe subsystem allows an out-of-bounds write (CWE-787). An attacker who already holds System privilege on the device could use it to escalate privileges further. Exploitation does not require user interaction.

Affected Systems

The vulnerability affects MediaTek chipsets MT6991, MT6993, MT8188, and MT8678, as well as Android operating system versions 15.0 and 16.0 that run on those chipsets.

Risk and Exploitability

The CVSS score of 7.2 indicates high severity, while the EPSS score is below 1%, meaning the estimated likelihood of exploitation is currently low. The flaw is not listed in the CISA KEV catalog, so there is no confirmed exploitation in the wild, yet the privilege escalation potential warrants a prompt response. An attack requires that the attacker already holds System-level access on the target device.

Generated by OpenCVE AI on April 16, 2026 at 14:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the MediaTek firmware patch identified by ALPS10315038 or ALPS10340155 to the affected chipsets.
  • Reboot the device after installing the firmware to ensure the corrected PCIe driver is active.
  • Restrict non‑privileged users from accessing the PCIe subsystem by adjusting device permissions or disabling the PCIe interface for untrusted users.


Advisories

No advisories yet.

History

Thu, 16 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Title: Local Privilege Escalation via Out-of-Bounds Write in PCIe Driver on MediaTek Chipsets

Tue, 03 Mar 2026 13:15:00 +0000

Type Values Removed Values Added
First Time appeared: Google; Google android; Mediatek; Mediatek mt6991; Mediatek mt6993; Mediatek mt8188; Mediatek mt8678
CPEs:
  cpe:2.3:h:mediatek:mt6991:-:*:*:*:*:*:*:*
  cpe:2.3:h:mediatek:mt6993:-:*:*:*:*:*:*:*
  cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*
  cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*
  cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
  cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*
Vendors & Products: Google; Google android; Mediatek; Mediatek mt6991; Mediatek mt6993; Mediatek mt8188; Mediatek mt8678

Mon, 02 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics:
  cvssV3_1: {'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}
  ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 02 Mar 2026 09:00:00 +0000

Type Values Removed Values Added
Description: In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10315038 / ALPS10340155; Issue ID: MSV-5155.
Weaknesses: CWE-787
References

MITRE

Status: PUBLISHED

Assigner: MediaTek

Published:

Updated: 2026-03-30T13:06:35.755Z

Reserved: 2025-11-03T01:30:59.009Z

Link: CVE-2026-20416

Vulnrichment

Updated: 2026-03-02T13:21:05.943Z

NVD

Status: Analyzed

Published: 2026-03-02T09:16:15.150

Modified: 2026-03-03T13:14:12.173

Link: CVE-2026-20416

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T14:45:25Z

Weaknesses