Description
In display, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436995; Issue ID: MSV-5721.
Published: 2026-03-02
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation via Memory Corruption
Action: Apply Patch
AI Analysis

Impact

The vulnerability originates from a missing bounds check in the device’s display subsystem, leading to an out‑of‑bounds write (CWE‑787). An attacker who already has system privileges can exploit this memory corruption to elevate privileges further or potentially tamper with system memory. The flaw does not require user interaction and can be triggered by arbitrary firmware input.

Affected Systems

Affected devices are MediaTek chipsets, including the MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT6993, MT8186, MT8188, MT8196, MT8667, MT8673, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8791T, MT8792, MT8793, MT8795T, MT8796, MT8798, MT8873, MT8883, and other MediaTek SoCs listed in the CPE data. Specific firmware or kernel versions are not detailed in the advisories.

Risk and Exploitability

The base CVSS score of 6.7 indicates moderate severity; the EPSS score is below 1%, suggesting a low but non‑zero chance of exploitation. The flaw is listed as not in the CISA KEV catalog, so no known public exploits are tracked. Exploitation requires local access with system privileges and physical or remote access to the target device. When these conditions exist, an attacker can leverage the memory corruption to gain higher privileges within the system.

Generated by OpenCVE AI on April 16, 2026 at 05:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the MediaTek firmware update that includes patch ALPS10436995 to eliminate the out‑of‑bounds write.
  • If an immediate firmware update is not available, restrict or disable any privileged processes that invoke the vulnerable display driver to mitigate further privilege escalation.
  • Continuously monitor MediaTek security advisories and apply subsequent updates promptly to maintain protection.

Generated by OpenCVE AI on April 16, 2026 at 05:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 06:15:00 +0000

Type Values Removed Values Added
Title Potential Memory Corruption Leading to Local Privilege Escalation in MediaTek Display Driver

Tue, 03 Mar 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Mediatek
Mediatek mt6739
Mediatek mt6761
Mediatek mt6765
Mediatek mt6768
Mediatek mt6781
Mediatek mt6789
Mediatek mt6833
Mediatek mt6835
Mediatek mt6853
Mediatek mt6855
Mediatek mt6877
Mediatek mt6878
Mediatek mt6879
Mediatek mt6883
Mediatek mt6885
Mediatek mt6886
Mediatek mt6889
Mediatek mt6893
Mediatek mt6895
Mediatek mt6897
Mediatek mt6899
Mediatek mt6983
Mediatek mt6985
Mediatek mt6989
Mediatek mt6991
Mediatek mt6993
Mediatek mt8186
Mediatek mt8188
Mediatek mt8196
Mediatek mt8667
Mediatek mt8673
Mediatek mt8676
Mediatek mt8678
Mediatek mt8765
Mediatek mt8766
Mediatek mt8768
Mediatek mt8771
Mediatek mt8781
Mediatek mt8791t
Mediatek mt8792
Mediatek mt8793
Mediatek mt8795t
Mediatek mt8796
Mediatek mt8798
Mediatek mt8873
Mediatek mt8883
CPEs cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6899:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6991:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6993:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8186:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8196:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8771:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8792:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8793:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8873:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8883:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*
Vendors & Products Google
Google android
Mediatek
Mediatek mt6739
Mediatek mt6761
Mediatek mt6765
Mediatek mt6768
Mediatek mt6781
Mediatek mt6789
Mediatek mt6833
Mediatek mt6835
Mediatek mt6853
Mediatek mt6855
Mediatek mt6877
Mediatek mt6878
Mediatek mt6879
Mediatek mt6883
Mediatek mt6885
Mediatek mt6886
Mediatek mt6889
Mediatek mt6893
Mediatek mt6895
Mediatek mt6897
Mediatek mt6899
Mediatek mt6983
Mediatek mt6985
Mediatek mt6989
Mediatek mt6991
Mediatek mt6993
Mediatek mt8186
Mediatek mt8188
Mediatek mt8196
Mediatek mt8667
Mediatek mt8673
Mediatek mt8676
Mediatek mt8678
Mediatek mt8765
Mediatek mt8766
Mediatek mt8768
Mediatek mt8771
Mediatek mt8781
Mediatek mt8791t
Mediatek mt8792
Mediatek mt8793
Mediatek mt8795t
Mediatek mt8796
Mediatek mt8798
Mediatek mt8873
Mediatek mt8883

Mon, 02 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 02 Mar 2026 09:00:00 +0000

Type Values Removed Values Added
Description In display, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436995; Issue ID: MSV-5721.
Weaknesses CWE-787
References
cve-icon MITRE

Status: PUBLISHED

Assigner: MediaTek

Published:

Updated: 2026-03-30T13:06:06.831Z

Reserved: 2025-11-03T01:30:59.012Z

Link: CVE-2026-20444

cve-icon Vulnrichment

Updated: 2026-03-02T13:23:17.799Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-02T09:16:17.863

Modified: 2026-03-03T12:58:43.023

Link: CVE-2026-20444

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T06:00:10Z

Weaknesses