A use‑after‑free bug in the display subsystem can trigger a system crash without needing user interaction. Attackers who have already gained System privilege can trigger a denial of service on the device. The flaw is limited to local disruption, with no remote code execution or data theft possible.

MediaTek, Inc. chipsets, including MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT6993, MT8186, MT8188, MT8196, MT8667, MT8673, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8791t, MT8792, MT8793, MT8795t, MT8796, MT8798, MT8873, MT8883, and Android releases 14.0, 15.0, and 16.0 containing those chipsets.

The CVSS base score of 4.4 indicates moderate severity. EPSS is less than 1%, indicating a very low likelihood of widespread exploitation, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires local System privilege; an attacker with those privileges can cause a crash without user interaction. Consequently, while the exploit would interrupt device operation, it does not raise privileges or expose data.