Description
In geniezone, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10724073; Issue ID: MSV-6296.
Published: 2026-05-04
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability lies in a missing bounds check within the MediaTek geniezone component, which can allow an attacker who already possesses system‑level privileges to elevate them further or modify system resources. This flaw is categorized as CWE‑125 and enables local privilege escalation without user interaction, potentially granting the attacker full control over the affected system.

Affected Systems

The affected product is the MediaTek chipset running the geniezone component. No specific firmware or software version information is provided in the advisory, so all installations based on MediaTek's geniezone should be considered at risk until confirmed patches are applied.

Risk and Exploitability

The EPSS score is < 1%, indicating a very low probability of current exploitation. The CVSS score of 6.7 reflects a moderate severity issue, and the vulnerability is not listed in the CISA KEV catalog, so no known widespread exploitation has been observed. However, because exploitation requires an attacker to already have system privileges and no user interaction is necessary, the risk is contingent on an initial compromise. The advisory includes a patch ID (ALPS10724073) that addresses the issue, reducing risk once applied.

Generated by OpenCVE AI on May 4, 2026 at 15:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official patch identified by ALPS10724073 to the MediaTek firmware or operating system.
  • Update the chipset firmware to a version that incorporates the patch, ensuring geniezone is the latest release.
  • Restrict or disable the geniezone process if immediate patching is not possible, limiting system privileges that could be abused.

Generated by OpenCVE AI on May 4, 2026 at 15:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 04 May 2026 15:30:00 +0000

Type Values Removed Values Added
Title Privilege Escalation in MediaTek Geniezone

Mon, 04 May 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 04 May 2026 09:30:00 +0000

Type Values Removed Values Added
First Time appeared Mediatek, Inc.
Mediatek, Inc. mediatek Chipset
Vendors & Products Mediatek, Inc.
Mediatek, Inc. mediatek Chipset

Mon, 04 May 2026 07:45:00 +0000

Type Values Removed Values Added
Title Privilege Escalation in MediaTek Geniezone

Mon, 04 May 2026 06:45:00 +0000

Type Values Removed Values Added
Description In geniezone, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10724073; Issue ID: MSV-6296.
Weaknesses CWE-125
References

Subscriptions

Mediatek, Inc. Mediatek Chipset
cve-icon MITRE

Status: PUBLISHED

Assigner: MediaTek

Published:

Updated: 2026-05-05T03:56:08.477Z

Reserved: 2025-11-03T01:30:59.013Z

Link: CVE-2026-20447

cve-icon Vulnrichment

Updated: 2026-05-04T12:56:18.683Z

cve-icon NVD

Status : Received

Published: 2026-05-04T07:15:58.450

Modified: 2026-05-04T14:16:32.053

Link: CVE-2026-20447

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T15:15:03Z

Weaknesses