Description
In imgsys, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431955; Issue ID: MSV-5826.
Published: 2026-03-02
Score: 4.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Local Denial of Service
Action: Patch Now
AI Analysis

Impact

The vulnerability resides in the MediaTek imgsys component where a use after free condition can cause a system crash. An attacker with System level privileges can trigger this flaw, resulting in a local denial of service on the affected device. The problem is a classic memory misuse leading to instability rather than information disclosure or code execution.

Affected Systems

Affected products include MediaTek chipsets MT2718, MT6899, MT6991, MT8678, and MT8793, which appear in a variety of devices running Google Android 15.0. The CVE entry does not specify any particular firmware or software revision numbers, so any device using the aforementioned chipsets and operating system is potentially vulnerable.

Risk and Exploitability

The CVSS score of 4.4 indicates moderate severity, while an EPSS score of less than 1% suggests exploitation is unlikely under normal conditions. The vulnerability is not listed in the CISA KEV catalog. Exfiltration is not necessary; an attacker must already have System privilege to affect the process, so the attack vector is local and requires elevated privileges. A malicious actor could repeatedly trigger crashes to disrupt device operation, but remote exploitation is not possible without local access.

Generated by OpenCVE AI on April 16, 2026 at 05:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑supplied patch identified as ALPS10431955.
  • Configure the device so that no untrusted applications can acquire System privilege, thereby limiting the attacker’s ability to reach the vulnerable component.
  • If a timely patch is not available, reboot the device after a crash and consider disabling or restricting imgsys‑related services to prevent further instability.

Generated by OpenCVE AI on April 16, 2026 at 05:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 06:15:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free Leading to Local Denial of Service in MediaTek img sys

Tue, 03 Mar 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Mediatek
Mediatek mt2718
Mediatek mt6899
Mediatek mt6991
Mediatek mt8678
Mediatek mt8793
CPEs cpe:2.3:h:mediatek:mt2718:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6899:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6991:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8793:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
Vendors & Products Google
Google android
Mediatek
Mediatek mt2718
Mediatek mt6899
Mediatek mt6991
Mediatek mt8678
Mediatek mt8793

Mon, 02 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 02 Mar 2026 09:00:00 +0000

Type Values Removed Values Added
Description In imgsys, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431955; Issue ID: MSV-5826.
Weaknesses CWE-416
References

Subscriptions

Google Android
Mediatek Mt2718 Mt6899 Mt6991 Mt8678 Mt8793
cve-icon MITRE

Status: PUBLISHED

Assigner: MediaTek

Published:

Updated: 2026-03-30T13:05:49.815Z

Reserved: 2025-11-03T01:30:59.012Z

Link: CVE-2026-20439

cve-icon Vulnrichment

Updated: 2026-03-02T13:56:52.284Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-02T09:16:17.170

Modified: 2026-03-03T12:47:36.477

Link: CVE-2026-20439

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T06:00:10Z

Weaknesses