A missing bounds check in the MediaTek geniezone component can cause an out‑of‑bounds write. If an attacker already possesses System privileges on the device, this flaw can be triggered without any additional user interaction, turning a local user into a privileged process. The consequence is the potential compromise of data integrity and confidentiality, or the ability to further exploit the system after gaining higher privileges. The weakness corresponds to CWE‑787, an out‑of‑bounds write bug.

The vulnerability affects devices that run the MediaTek chipset with the geniezone subsystem. No specific firmware or hardware version is listed, implying that all exposed geniezone implementations on MediaTek chipsets are potentially impacted until a patch is applied.

Because exploitation requires only local System privileges and no user action, the attack vector is local. The CVSS severity is 6.7, indicating a moderate to high risk. There is no EPSS score available, and the vulnerability is not listed in the CISA KEV catalog, yet the potential impact justifies prompt remediation.