Description
In slbc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10828685; Issue ID: MSV-6504.
Published: 2026-05-04
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in MediaTek’s slbc component, where type confusion can trigger an out‑of‑bounds write operation. This flaw permits an attacker who already possesses System‑level privileges to modify memory beyond intended bounds, potentially corrupting critical structures or escalating privileges. The impact is confined to the local environment and requires the attacker to have initial access with elevated privileges, but once exploited it could lead to full control over the affected device.

Affected Systems

MediaTek, Inc. manufactures the affected MediaTek chipset. No specific firmware or version details are provided in the data, so all products incorporating slbc within this chipset family may be vulnerable.

Risk and Exploitability

The EPSS score is <1% and the vulnerability is not listed in CISA’s KEV catalog, indicating a low probability of exploitation. Because the described exploit demands already‑obtained System privileges and no user interaction, the attack surface is limited to compromised local contexts. Nonetheless, the potential for full device takeover warrants immediate attention and patch deployment. The CVSS score for this vulnerability is 6.7, indicating a moderate level of risk.

Generated by OpenCVE AI on May 4, 2026 at 15:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official Mediatek firmware update identified by patch ID ALPS10828685.
  • Reboot the device after applying the firmware update to apply changes.
  • Enforce least privilege on local accounts and employ device lockdown measures to reduce the likelihood of an attacker gaining System privileges.

Generated by OpenCVE AI on May 4, 2026 at 15:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 04 May 2026 15:45:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Write in slbc Allowing Local Privilege Escalation

Mon, 04 May 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 04 May 2026 07:45:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Write in slbc Allowing Local Privilege Escalation
First Time appeared Mediatek, Inc.
Mediatek, Inc. mediatek Chipset
Vendors & Products Mediatek, Inc.
Mediatek, Inc. mediatek Chipset

Mon, 04 May 2026 06:45:00 +0000

Type Values Removed Values Added
Description In slbc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10828685; Issue ID: MSV-6504.
Weaknesses CWE-843
References

Subscriptions

Mediatek, Inc. Mediatek Chipset
cve-icon MITRE

Status: PUBLISHED

Assigner: MediaTek

Published:

Updated: 2026-05-05T03:56:05.990Z

Reserved: 2025-11-03T01:30:59.013Z

Link: CVE-2026-20451

cve-icon Vulnrichment

Updated: 2026-05-04T12:55:42.490Z

cve-icon NVD

Status : Received

Published: 2026-05-04T07:15:59.840

Modified: 2026-05-04T14:16:32.710

Link: CVE-2026-20451

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T15:45:03Z

Weaknesses