Description
In slbc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10828685; Issue ID: MSV-6504.
Published: 2026-05-04
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in MediaTek’s slbc component, where type confusion can trigger an out‑of‑bounds write operation. This flaw permits an attacker who already possesses System‑level privileges to modify memory beyond intended bounds, potentially corrupting critical structures or escalating privileges. The impact is confined to the local environment and requires the attacker to have initial access with elevated privileges, but once exploited it could lead to full control over the affected device.

Affected Systems

MediaTek, Inc. manufactures the affected MediaTek chipset. No specific firmware or version details are provided in the data, so all products incorporating slbc within this chipset family may be vulnerable.

Risk and Exploitability

The EPSS score is <1% and the vulnerability is not listed in CISA’s KEV catalog, indicating a low probability of exploitation. Because the described exploit demands already‑obtained System privileges and no user interaction, the attack surface is limited to compromised local contexts. Nonetheless, the potential for full device takeover warrants immediate attention and patch deployment. The CVSS score for this vulnerability is 6.7, indicating a moderate level of risk.

Generated by OpenCVE AI on May 4, 2026 at 15:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official Mediatek firmware update identified by patch ID ALPS10828685.
  • Reboot the device after applying the firmware update to apply changes.
  • Enforce least privilege on local accounts and employ device lockdown measures to reduce the likelihood of an attacker gaining System privileges.

Generated by OpenCVE AI on May 4, 2026 at 15:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 07 May 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Mediatek
Mediatek mt2718
Mediatek mt2718 Firmware
Mediatek mt6899
Mediatek mt6899 Firmware
Mediatek mt6985
Mediatek mt6985 Firmware
Mediatek mt6989
Mediatek mt6989 Firmware
Mediatek mt6991
Mediatek mt6991 Firmware
Mediatek mt8115
Mediatek mt8115 Firmware
Mediatek mt8186
Mediatek mt8186 Firmware
Mediatek mt8188
Mediatek mt8188 Firmware
Mediatek mt8196
Mediatek mt8196 Firmware
Mediatek mt8365
Mediatek mt8365 Firmware
Mediatek mt8367
Mediatek mt8367 Firmware
Mediatek mt8370
Mediatek mt8370 Firmware
Mediatek mt8371
Mediatek mt8371 Firmware
Mediatek mt8390
Mediatek mt8390 Firmware
Mediatek mt8391
Mediatek mt8391 Firmware
Mediatek mt8395
Mediatek mt8395 Firmware
Mediatek mt8676
Mediatek mt8676 Firmware
Mediatek mt8678
Mediatek mt8678 Firmware
Mediatek mt8766
Mediatek mt8766 Firmware
Mediatek mt8768
Mediatek mt8768 Firmware
Mediatek mt8775
Mediatek mt8775 Firmware
Mediatek mt8781
Mediatek mt8781 Firmware
Mediatek mt8786
Mediatek mt8786 Firmware
Mediatek mt8788e
Mediatek mt8788e Firmware
Mediatek mt8791t
Mediatek mt8791t Firmware
Mediatek mt8792
Mediatek mt8792 Firmware
Mediatek mt8793
Mediatek mt8793 Firmware
Mediatek mt8796
Mediatek mt8796 Firmware
Mediatek mt8873
Mediatek mt8873 Firmware
Mediatek mt8883
Mediatek mt8883 Firmware
Mediatek mt8893
Mediatek mt8893 Firmware
Mediatek mt8910
Mediatek mt8910 Firmware
CPEs cpe:2.3:h:mediatek:mt2718:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6899:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6991:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8115:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8186:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8196:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8367:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8371:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8391:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8788e:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8792:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8793:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8873:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8883:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8893:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8910:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt2718_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6899_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6985_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6989_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6991_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8115_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8186_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8188_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8196_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8365_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8367_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8370_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8371_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8390_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8391_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8395_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8676_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8678_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8766_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8768_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8775_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8781_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8786_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8788e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8791t_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8792_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8793_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8796_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8873_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8883_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8893_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8910_firmware:-:*:*:*:*:*:*:*
Vendors & Products Mediatek
Mediatek mt2718
Mediatek mt2718 Firmware
Mediatek mt6899
Mediatek mt6899 Firmware
Mediatek mt6985
Mediatek mt6985 Firmware
Mediatek mt6989
Mediatek mt6989 Firmware
Mediatek mt6991
Mediatek mt6991 Firmware
Mediatek mt8115
Mediatek mt8115 Firmware
Mediatek mt8186
Mediatek mt8186 Firmware
Mediatek mt8188
Mediatek mt8188 Firmware
Mediatek mt8196
Mediatek mt8196 Firmware
Mediatek mt8365
Mediatek mt8365 Firmware
Mediatek mt8367
Mediatek mt8367 Firmware
Mediatek mt8370
Mediatek mt8370 Firmware
Mediatek mt8371
Mediatek mt8371 Firmware
Mediatek mt8390
Mediatek mt8390 Firmware
Mediatek mt8391
Mediatek mt8391 Firmware
Mediatek mt8395
Mediatek mt8395 Firmware
Mediatek mt8676
Mediatek mt8676 Firmware
Mediatek mt8678
Mediatek mt8678 Firmware
Mediatek mt8766
Mediatek mt8766 Firmware
Mediatek mt8768
Mediatek mt8768 Firmware
Mediatek mt8775
Mediatek mt8775 Firmware
Mediatek mt8781
Mediatek mt8781 Firmware
Mediatek mt8786
Mediatek mt8786 Firmware
Mediatek mt8788e
Mediatek mt8788e Firmware
Mediatek mt8791t
Mediatek mt8791t Firmware
Mediatek mt8792
Mediatek mt8792 Firmware
Mediatek mt8793
Mediatek mt8793 Firmware
Mediatek mt8796
Mediatek mt8796 Firmware
Mediatek mt8873
Mediatek mt8873 Firmware
Mediatek mt8883
Mediatek mt8883 Firmware
Mediatek mt8893
Mediatek mt8893 Firmware
Mediatek mt8910
Mediatek mt8910 Firmware

Mon, 04 May 2026 15:45:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Write in slbc Allowing Local Privilege Escalation

Mon, 04 May 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 04 May 2026 07:45:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Write in slbc Allowing Local Privilege Escalation
First Time appeared Mediatek, Inc.
Mediatek, Inc. mediatek Chipset
Vendors & Products Mediatek, Inc.
Mediatek, Inc. mediatek Chipset

Mon, 04 May 2026 06:45:00 +0000

Type Values Removed Values Added
Description In slbc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10828685; Issue ID: MSV-6504.
Weaknesses CWE-843
References

Subscriptions

Mediatek Mt2718 Mt2718 Firmware Mt6899 Mt6899 Firmware Mt6985 Mt6985 Firmware Mt6989 Mt6989 Firmware Mt6991 Mt6991 Firmware Mt8115 Mt8115 Firmware Mt8186 Mt8186 Firmware Mt8188 Mt8188 Firmware Mt8196 Mt8196 Firmware Mt8365 Mt8365 Firmware Mt8367 Mt8367 Firmware Mt8370 Mt8370 Firmware Mt8371 Mt8371 Firmware Mt8390 Mt8390 Firmware Mt8391 Mt8391 Firmware Mt8395 Mt8395 Firmware Mt8676 Mt8676 Firmware Mt8678 Mt8678 Firmware Mt8766 Mt8766 Firmware Mt8768 Mt8768 Firmware Mt8775 Mt8775 Firmware Mt8781 Mt8781 Firmware Mt8786 Mt8786 Firmware Mt8788e Mt8788e Firmware Mt8791t Mt8791t Firmware Mt8792 Mt8792 Firmware Mt8793 Mt8793 Firmware Mt8796 Mt8796 Firmware Mt8873 Mt8873 Firmware Mt8883 Mt8883 Firmware Mt8893 Mt8893 Firmware Mt8910 Mt8910 Firmware
Mediatek, Inc. Mediatek Chipset
cve-icon MITRE

Status: PUBLISHED

Assigner: MediaTek

Published:

Updated: 2026-05-05T03:56:05.990Z

Reserved: 2025-11-03T01:30:59.013Z

Link: CVE-2026-20451

cve-icon Vulnrichment

Updated: 2026-05-04T12:55:42.490Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-04T07:15:59.840

Modified: 2026-05-07T12:42:44.807

Link: CVE-2026-20451

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T15:45:03Z

Weaknesses