Description
In geniezone, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10708513; Issue ID: MSV-6281.
Published: 2026-05-04
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw resides in MediaTek's geniezone component, where a missing permission check allows a user already in possession of System privilege to elevate themselves to a higher privilege level. It is a classic privilege‑escalation vulnerability catalogued as CWE‑280. No additional user interaction or remote access is required; once System privilege is achieved, the attacker can expand control over the device firmware.

Affected Systems

MediaTek, Inc. chipset firmware, particularly the geniezone subsystem, is affected. The presence of patch ID ALPS10708513 in the MediaTek product‑security bulletin indicates the issue exists in current or recent firmware releases. Specific version ranges are not listed, so users should consult the bulletin for details.

Risk and Exploitability

The EPSS estimate is less than 1% and the vulnerability is not listed in CISA's KEV catalog, suggesting no widespread exploitation so far. The CVSS score of 6.7 indicates a moderate severity. Nevertheless, because no user interaction is needed and the flaw can be triggered by anyone who already holds System privilege, the risk remains significant in environments where such privileges can be attained. The attacker must first obtain or compromise System level access; thereafter the privilege escalation can proceed unimpeded, potentially giving full control over the device.

Generated by OpenCVE AI on May 4, 2026 at 15:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the MediaTek firmware to a version that includes patch ALPS10708513
  • Restrict assignment of System privileges to trusted accounts and processes on the device
  • Limit and monitor access to geniezone’s privileged functions and review audit logs for unauthorized privilege changes

Generated by OpenCVE AI on May 4, 2026 at 15:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 07 May 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Mediatek
Mediatek mt6765
Mediatek mt6765 Firmware
Mediatek mt6768
Mediatek mt6768 Firmware
Mediatek mt6789
Mediatek mt6789 Firmware
Mediatek mt6877
Mediatek mt6877 Firmware
Mediatek mt6897
Mediatek mt6897 Firmware
Mediatek mt6899
Mediatek mt6899 Firmware
Mediatek mt6989
Mediatek mt6989 Firmware
Mediatek mt6991
Mediatek mt6991 Firmware
Mediatek mt6993
Mediatek mt6993 Firmware
Mediatek mt8367
Mediatek mt8367 Firmware
Mediatek mt8766
Mediatek mt8766 Firmware
Mediatek mt8768
Mediatek mt8768 Firmware
Mediatek mt8775
Mediatek mt8775 Firmware
Mediatek mt8781
Mediatek mt8781 Firmware
Mediatek mt8786
Mediatek mt8786 Firmware
Mediatek mt8788e
Mediatek mt8788e Firmware
Mediatek mt8791t
Mediatek mt8791t Firmware
Mediatek mt8792
Mediatek mt8792 Firmware
Mediatek mt8793
Mediatek mt8793 Firmware
Mediatek mt8796
Mediatek mt8796 Firmware
Mediatek mt8893
Mediatek mt8893 Firmware
Mediatek mt8910
Mediatek mt8910 Firmware
CPEs cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6899:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6991:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6993:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8367:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8788e:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8792:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8793:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8893:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8910:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6765_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6768_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6789_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6877_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6897_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6899_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6989_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6991_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6993_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8367_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8766_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8768_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8775_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8781_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8786_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8788e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8791t_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8792_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8793_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8796_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8893_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8910_firmware:-:*:*:*:*:*:*:*
Vendors & Products Mediatek
Mediatek mt6765
Mediatek mt6765 Firmware
Mediatek mt6768
Mediatek mt6768 Firmware
Mediatek mt6789
Mediatek mt6789 Firmware
Mediatek mt6877
Mediatek mt6877 Firmware
Mediatek mt6897
Mediatek mt6897 Firmware
Mediatek mt6899
Mediatek mt6899 Firmware
Mediatek mt6989
Mediatek mt6989 Firmware
Mediatek mt6991
Mediatek mt6991 Firmware
Mediatek mt6993
Mediatek mt6993 Firmware
Mediatek mt8367
Mediatek mt8367 Firmware
Mediatek mt8766
Mediatek mt8766 Firmware
Mediatek mt8768
Mediatek mt8768 Firmware
Mediatek mt8775
Mediatek mt8775 Firmware
Mediatek mt8781
Mediatek mt8781 Firmware
Mediatek mt8786
Mediatek mt8786 Firmware
Mediatek mt8788e
Mediatek mt8788e Firmware
Mediatek mt8791t
Mediatek mt8791t Firmware
Mediatek mt8792
Mediatek mt8792 Firmware
Mediatek mt8793
Mediatek mt8793 Firmware
Mediatek mt8796
Mediatek mt8796 Firmware
Mediatek mt8893
Mediatek mt8893 Firmware
Mediatek mt8910
Mediatek mt8910 Firmware

Mon, 04 May 2026 15:30:00 +0000

Type Values Removed Values Added
Title Local Privilege Escalation via Missing Permission Check in MediaTek geniezone

Mon, 04 May 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 04 May 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Mediatek, Inc.
Mediatek, Inc. mediatek Chipset
Vendors & Products Mediatek, Inc.
Mediatek, Inc. mediatek Chipset

Mon, 04 May 2026 08:15:00 +0000

Type Values Removed Values Added
Title Local Privilege Escalation via Missing Permission Check in MediaTek geniezone

Mon, 04 May 2026 06:45:00 +0000

Type Values Removed Values Added
Description In geniezone, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10708513; Issue ID: MSV-6281.
Weaknesses CWE-280
References

Subscriptions

Mediatek Mt6765 Mt6765 Firmware Mt6768 Mt6768 Firmware Mt6789 Mt6789 Firmware Mt6877 Mt6877 Firmware Mt6897 Mt6897 Firmware Mt6899 Mt6899 Firmware Mt6989 Mt6989 Firmware Mt6991 Mt6991 Firmware Mt6993 Mt6993 Firmware Mt8367 Mt8367 Firmware Mt8766 Mt8766 Firmware Mt8768 Mt8768 Firmware Mt8775 Mt8775 Firmware Mt8781 Mt8781 Firmware Mt8786 Mt8786 Firmware Mt8788e Mt8788e Firmware Mt8791t Mt8791t Firmware Mt8792 Mt8792 Firmware Mt8793 Mt8793 Firmware Mt8796 Mt8796 Firmware Mt8893 Mt8893 Firmware Mt8910 Mt8910 Firmware
Mediatek, Inc. Mediatek Chipset
cve-icon MITRE

Status: PUBLISHED

Assigner: MediaTek

Published:

Updated: 2026-05-05T03:56:07.381Z

Reserved: 2025-11-03T01:30:59.013Z

Link: CVE-2026-20448

cve-icon Vulnrichment

Updated: 2026-05-04T12:57:10.995Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-04T07:15:59.500

Modified: 2026-05-07T12:43:11.833

Link: CVE-2026-20448

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T15:15:03Z

Weaknesses