Description
In geniezone, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10873936; Issue ID: MSV-6786.
Published: 2026-06-01
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the geniezone component of MediaTek chipsets. A race condition can result in an out‑of‑bounds write, allowing a malicious actor who already possesses System privilege to gain higher local privileges. The flaw does not require user interaction and can be triggered by concurrent operations within the firmware.

Affected Systems

This flaw affects MediaTek, Inc. chipset devices that deploy the geniezone firmware, regardless of the particular model or firmware version. The vendor has identified the defective code and released patch ALPS10873936 (Issue ID MSV-6786) to address the race condition.

Risk and Exploitability

Because the bug can be exercised locally without remote access or user action, the threat profile is a local privilege escalation. No EPSS or KEV data are available, and the CVSS rating has not been published, so the likelihood of exploitation in the wild is uncertain. Operators should consider the risk high for devices that could already be under local control by a threat actor.

Generated by OpenCVE AI on June 1, 2026 at 05:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official MediaTek patch ALPS10873936 to the geniezone firmware immediately.
  • If the patch cannot be deployed right away, disable or restrict use of the geniezone functionality on the affected devices until the fix is applied.
  • Enable detailed system logging to capture any anomalous memory operations and investigate any evidence of privilege escalation attempts.

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 07:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Mediatek, Inc.; Mediatek, Inc. mediatek Chipset |
| Vendors & Products | | Mediatek, Inc.; Mediatek, Inc. mediatek Chipset |

Mon, 01 Jun 2026 05:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Local Privilege Escalation Through Race Condition in MediaTek Geniezone |

Mon, 01 Jun 2026 04:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | In geniezone, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10873936; Issue ID: MSV-6786. |
| Weaknesses | | CWE-367 |
| References | | |

MITRE

Status: PUBLISHED

Assigner: MediaTek

Published:

Updated: 2026-06-01T03:20:11.445Z

Reserved: 2025-11-03T01:30:59.014Z

Link: CVE-2026-20454

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-01T04:16:22.033

Modified: 2026-06-01T04:16:22.033

Link: CVE-2026-20454

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T07:00:10Z

Weaknesses