Description
In geniezone, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10724073; Issue ID: MSV-6296.
Published: 2026-05-04
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability lies in a missing bounds check within the MediaTek geniezone component, which can allow an attacker who already possesses system‑level privileges to elevate them further or modify system resources. This flaw is categorized as CWE‑125 and enables local privilege escalation without user interaction, potentially granting the attacker full control over the affected system.

Affected Systems

The affected product is the MediaTek chipset running the geniezone component. No specific firmware or software version information is provided in the advisory, so all installations based on MediaTek's geniezone should be considered at risk until confirmed patches are applied.

Risk and Exploitability

The EPSS score is < 1%, indicating a very low probability of current exploitation. The CVSS score of 6.7 reflects a moderate severity issue, and the vulnerability is not listed in the CISA KEV catalog, so no known widespread exploitation has been observed. However, because exploitation requires an attacker to already have system privileges and no user interaction is necessary, the risk is contingent on an initial compromise. The advisory includes a patch ID (ALPS10724073) that addresses the issue, reducing risk once applied.

Generated by OpenCVE AI on May 4, 2026 at 15:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official patch identified by ALPS10724073 to the MediaTek firmware or operating system.
  • Update the chipset firmware to a version that incorporates the patch, ensuring geniezone is the latest release.
  • Restrict or disable the geniezone process if immediate patching is not possible, limiting system privileges that could be abused.

Generated by OpenCVE AI on May 4, 2026 at 15:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 07 May 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Mediatek
Mediatek mt6768
Mediatek mt6768 Firmware
Mediatek mt6789
Mediatek mt6789 Firmware
Mediatek mt6877
Mediatek mt6877 Firmware
Mediatek mt6899
Mediatek mt6899 Firmware
Mediatek mt6989
Mediatek mt6989 Firmware
Mediatek mt6991
Mediatek mt6991 Firmware
Mediatek mt6993
Mediatek mt6993 Firmware
Mediatek mt8196
Mediatek mt8196 Firmware
Mediatek mt8367
Mediatek mt8367 Firmware
Mediatek mt8766
Mediatek mt8766 Firmware
Mediatek mt8768
Mediatek mt8768 Firmware
Mediatek mt8781
Mediatek mt8781 Firmware
Mediatek mt8786
Mediatek mt8786 Firmware
Mediatek mt8788e
Mediatek mt8788e Firmware
Mediatek mt8791t
Mediatek mt8791t Firmware
Mediatek mt8793
Mediatek mt8793 Firmware
Mediatek mt8910
Mediatek mt8910 Firmware
CPEs cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6899:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6991:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6993:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8196:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8367:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8788e:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8793:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8910:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6768_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6789_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6877_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6899_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6989_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6991_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6993_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8196_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8367_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8766_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8768_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8781_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8786_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8788e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8791t_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8793_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8910_firmware:-:*:*:*:*:*:*:*
Vendors & Products Mediatek
Mediatek mt6768
Mediatek mt6768 Firmware
Mediatek mt6789
Mediatek mt6789 Firmware
Mediatek mt6877
Mediatek mt6877 Firmware
Mediatek mt6899
Mediatek mt6899 Firmware
Mediatek mt6989
Mediatek mt6989 Firmware
Mediatek mt6991
Mediatek mt6991 Firmware
Mediatek mt6993
Mediatek mt6993 Firmware
Mediatek mt8196
Mediatek mt8196 Firmware
Mediatek mt8367
Mediatek mt8367 Firmware
Mediatek mt8766
Mediatek mt8766 Firmware
Mediatek mt8768
Mediatek mt8768 Firmware
Mediatek mt8781
Mediatek mt8781 Firmware
Mediatek mt8786
Mediatek mt8786 Firmware
Mediatek mt8788e
Mediatek mt8788e Firmware
Mediatek mt8791t
Mediatek mt8791t Firmware
Mediatek mt8793
Mediatek mt8793 Firmware
Mediatek mt8910
Mediatek mt8910 Firmware

Mon, 04 May 2026 15:30:00 +0000

Type Values Removed Values Added
Title Privilege Escalation in MediaTek Geniezone

Mon, 04 May 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 04 May 2026 09:30:00 +0000

Type Values Removed Values Added
First Time appeared Mediatek, Inc.
Mediatek, Inc. mediatek Chipset
Vendors & Products Mediatek, Inc.
Mediatek, Inc. mediatek Chipset

Mon, 04 May 2026 07:45:00 +0000

Type Values Removed Values Added
Title Privilege Escalation in MediaTek Geniezone

Mon, 04 May 2026 06:45:00 +0000

Type Values Removed Values Added
Description In geniezone, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10724073; Issue ID: MSV-6296.
Weaknesses CWE-125
References

Subscriptions

Mediatek Mt6768 Mt6768 Firmware Mt6789 Mt6789 Firmware Mt6877 Mt6877 Firmware Mt6899 Mt6899 Firmware Mt6989 Mt6989 Firmware Mt6991 Mt6991 Firmware Mt6993 Mt6993 Firmware Mt8196 Mt8196 Firmware Mt8367 Mt8367 Firmware Mt8766 Mt8766 Firmware Mt8768 Mt8768 Firmware Mt8781 Mt8781 Firmware Mt8786 Mt8786 Firmware Mt8788e Mt8788e Firmware Mt8791t Mt8791t Firmware Mt8793 Mt8793 Firmware Mt8910 Mt8910 Firmware
Mediatek, Inc. Mediatek Chipset
cve-icon MITRE

Status: PUBLISHED

Assigner: MediaTek

Published:

Updated: 2026-05-05T03:56:08.477Z

Reserved: 2025-11-03T01:30:59.013Z

Link: CVE-2026-20447

cve-icon Vulnrichment

Updated: 2026-05-04T12:56:18.683Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-04T07:15:58.450

Modified: 2026-05-07T12:43:25.100

Link: CVE-2026-20447

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T15:15:03Z

Weaknesses