Description
In sec boot, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service, if an attacker has physical access to the device, with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09963054; Issue ID: MSV-3899.
Published: 2026-04-07
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Local Denial of Service
Action: Apply Patch
AI Analysis

Impact

An integer overflow in the secure boot process can cause an out‑of‑bounds write, permitting an attacker with user execution privileges to trigger a denial of service. The weakness is consistent with CWE‑190 (Integer Overflow) and CWE‑787 (Out‑of‑Bounds Write). The impact is a local service disruption or reboot of the device, compromising availability for the user.

Affected Systems

MediaTek chipsets, specifically the MT6813 hardware and its firmware. Devices using these components are vulnerable and require updating of the secure boot firmware.

Risk and Exploitability

The CVSS score of 4.3 indicates moderate severity, and the EPSS score of less than 1% reflects a low likelihood of widespread exploitation. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Exploitation requires physical access to the device and user‑level privileges, but no additional user interaction is needed. In environments where devices are exposed to potential physical security risks, the risk is elevated however overall exploitation probability remains low.

Generated by OpenCVE AI on April 7, 2026 at 22:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor-provided firmware patch ALPS09963054

Generated by OpenCVE AI on April 7, 2026 at 22:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Integer Overflow in Secure Boot Leading to Local Denial of Service
First Time appeared Mediatek mediatek Chipset
Vendors & Products Mediatek mediatek Chipset

Tue, 07 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Mediatek
Mediatek mt6813
Mediatek mt6813 Firmware
CPEs cpe:2.3:h:mediatek:mt6813:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6813_firmware:-:*:*:*:*:*:*:*
Vendors & Products Mediatek
Mediatek mt6813
Mediatek mt6813 Firmware

Tue, 07 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-190
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 07 Apr 2026 07:15:00 +0000

Type Values Removed Values Added
Description In sec boot, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service, if an attacker has physical access to the device, with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09963054; Issue ID: MSV-3899.
Weaknesses CWE-787
References

Subscriptions

Mediatek Mediatek Chipset Mt6813 Mt6813 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: MediaTek

Published:

Updated: 2026-04-07T13:02:15.541Z

Reserved: 2025-11-03T01:30:59.013Z

Link: CVE-2026-20446

cve-icon Vulnrichment

Updated: 2026-04-07T13:02:07.185Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-07T04:17:13.797

Modified: 2026-04-07T15:43:45.250

Link: CVE-2026-20446

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:50:09Z

Weaknesses