Description
In geniezone, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10873936; Issue ID: MSV-6786.
Published: 2026-06-01
Score: 6.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw resides in MediaTek’s geniezone firmware, where a race condition can trigger an out‑of‑bounds write. This memory corruption can be leveraged by a malicious user who already holds System privilege to gain higher local privileges. The vulnerability does not require user interaction, so it can be triggered by concurrent operations within the firmware.

Affected Systems

All MediaTek, Inc. MediaTek chipset devices that deploy the geniezone firmware are affected, regardless of model or firmware version. MediaTek has issued patch ALPS10873936 (Issue ID MSV-6786) to address the race condition.

Risk and Exploitability

Because the bug can be exercised locally without remote access or active user involvement, the threat is a purely local privilege escalation. The CVSS score of 6.4 denotes moderate severity, and the EPSS score of less than 1% indicates a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalogue, so the likelihood of widespread attacks remains uncertain, though any device that may already be under local threat actor control poses a high risk.

Generated by OpenCVE AI on June 1, 2026 at 15:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official MediaTek patch ALPS10873936 to the geniezone firmware immediately.
  • If patch deployment is delayed, disable or restrict access to geniezone functionality on affected devices until the fix is applied.
  • Enable detailed system logging to detect anomalous memory operations and investigate any indicators of privilege escalation attempts.

Generated by OpenCVE AI on June 1, 2026 at 15:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Mediatek
Mediatek mt6739
Mediatek mt6739 Firmware
Mediatek mt6761
Mediatek mt6761 Firmware
Mediatek mt6765
Mediatek mt6765 Firmware
Mediatek mt6768
Mediatek mt6768 Firmware
Mediatek mt6781
Mediatek mt6781 Firmware
Mediatek mt6789
Mediatek mt6789 Firmware
Mediatek mt6835
Mediatek mt6835 Firmware
Mediatek mt6853
Mediatek mt6853 Firmware
Mediatek mt6855
Mediatek mt6855 Firmware
Mediatek mt6877
Mediatek mt6877 Firmware
Mediatek mt6878
Mediatek mt6878 Firmware
Mediatek mt6879
Mediatek mt6879 Firmware
Mediatek mt6883
Mediatek mt6883 Firmware
Mediatek mt6885
Mediatek mt6885 Firmware
Mediatek mt6886
Mediatek mt6886 Firmware
Mediatek mt6889
Mediatek mt6889 Firmware
Mediatek mt6893
Mediatek mt6893 Firmware
Mediatek mt6895
Mediatek mt6895 Firmware
Mediatek mt6897
Mediatek mt6897 Firmware
Mediatek mt6899
Mediatek mt6899 Firmware
Mediatek mt6983
Mediatek mt6983 Firmware
Mediatek mt6985
Mediatek mt6985 Firmware
Mediatek mt6989
Mediatek mt6989 Firmware
Mediatek mt6991
Mediatek mt6991 Firmware
Mediatek mt8673
Mediatek mt8673 Firmware
Mediatek mt8765
Mediatek mt8765 Firmware
Mediatek mt8766
Mediatek mt8766 Firmware
Mediatek mt8768
Mediatek mt8768 Firmware
Mediatek mt8781
Mediatek mt8781 Firmware
Mediatek mt8786
Mediatek mt8786 Firmware
Mediatek mt8788
Mediatek mt8788 Firmware
Mediatek mt8791t
Mediatek mt8791t Firmware
Mediatek mt8793
Mediatek mt8793 Firmware
Mediatek mt8797
Mediatek mt8797 Firmware
Mediatek mt8798
Mediatek mt8798 Firmware
Mediatek mt8910
Mediatek mt8910 Firmware
CPEs cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6899:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6991:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8793:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8910:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6739_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6761_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6765_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6768_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6781_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6789_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6835_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6853_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6855_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6877_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6878_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6879_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6883_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6885_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6886_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6889_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6893_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6895_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6897_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6899_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6983_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6985_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6989_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6991_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8673_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8765_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8766_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8768_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8781_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8786_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8788_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8791t_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8793_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8797_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8798_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8910_firmware:-:*:*:*:*:*:*:*
Vendors & Products Mediatek
Mediatek mt6739
Mediatek mt6739 Firmware
Mediatek mt6761
Mediatek mt6761 Firmware
Mediatek mt6765
Mediatek mt6765 Firmware
Mediatek mt6768
Mediatek mt6768 Firmware
Mediatek mt6781
Mediatek mt6781 Firmware
Mediatek mt6789
Mediatek mt6789 Firmware
Mediatek mt6835
Mediatek mt6835 Firmware
Mediatek mt6853
Mediatek mt6853 Firmware
Mediatek mt6855
Mediatek mt6855 Firmware
Mediatek mt6877
Mediatek mt6877 Firmware
Mediatek mt6878
Mediatek mt6878 Firmware
Mediatek mt6879
Mediatek mt6879 Firmware
Mediatek mt6883
Mediatek mt6883 Firmware
Mediatek mt6885
Mediatek mt6885 Firmware
Mediatek mt6886
Mediatek mt6886 Firmware
Mediatek mt6889
Mediatek mt6889 Firmware
Mediatek mt6893
Mediatek mt6893 Firmware
Mediatek mt6895
Mediatek mt6895 Firmware
Mediatek mt6897
Mediatek mt6897 Firmware
Mediatek mt6899
Mediatek mt6899 Firmware
Mediatek mt6983
Mediatek mt6983 Firmware
Mediatek mt6985
Mediatek mt6985 Firmware
Mediatek mt6989
Mediatek mt6989 Firmware
Mediatek mt6991
Mediatek mt6991 Firmware
Mediatek mt8673
Mediatek mt8673 Firmware
Mediatek mt8765
Mediatek mt8765 Firmware
Mediatek mt8766
Mediatek mt8766 Firmware
Mediatek mt8768
Mediatek mt8768 Firmware
Mediatek mt8781
Mediatek mt8781 Firmware
Mediatek mt8786
Mediatek mt8786 Firmware
Mediatek mt8788
Mediatek mt8788 Firmware
Mediatek mt8791t
Mediatek mt8791t Firmware
Mediatek mt8793
Mediatek mt8793 Firmware
Mediatek mt8797
Mediatek mt8797 Firmware
Mediatek mt8798
Mediatek mt8798 Firmware
Mediatek mt8910
Mediatek mt8910 Firmware

Mon, 01 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Title Local Privilege Escalation Through Race Condition in MediaTek Geniezone

Mon, 01 Jun 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 07:15:00 +0000

Type Values Removed Values Added
First Time appeared Mediatek, Inc.
Mediatek, Inc. mediatek Chipset
Vendors & Products Mediatek, Inc.
Mediatek, Inc. mediatek Chipset

Mon, 01 Jun 2026 05:45:00 +0000

Type Values Removed Values Added
Title Local Privilege Escalation Through Race Condition in MediaTek Geniezone

Mon, 01 Jun 2026 04:00:00 +0000

Type Values Removed Values Added
Description In geniezone, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10873936; Issue ID: MSV-6786.
Weaknesses CWE-367
References

Subscriptions

Mediatek Mt6739 Mt6739 Firmware Mt6761 Mt6761 Firmware Mt6765 Mt6765 Firmware Mt6768 Mt6768 Firmware Mt6781 Mt6781 Firmware Mt6789 Mt6789 Firmware Mt6835 Mt6835 Firmware Mt6853 Mt6853 Firmware Mt6855 Mt6855 Firmware Mt6877 Mt6877 Firmware Mt6878 Mt6878 Firmware Mt6879 Mt6879 Firmware Mt6883 Mt6883 Firmware Mt6885 Mt6885 Firmware Mt6886 Mt6886 Firmware Mt6889 Mt6889 Firmware Mt6893 Mt6893 Firmware Mt6895 Mt6895 Firmware Mt6897 Mt6897 Firmware Mt6899 Mt6899 Firmware Mt6983 Mt6983 Firmware Mt6985 Mt6985 Firmware Mt6989 Mt6989 Firmware Mt6991 Mt6991 Firmware Mt8673 Mt8673 Firmware Mt8765 Mt8765 Firmware Mt8766 Mt8766 Firmware Mt8768 Mt8768 Firmware Mt8781 Mt8781 Firmware Mt8786 Mt8786 Firmware Mt8788 Mt8788 Firmware Mt8791t Mt8791t Firmware Mt8793 Mt8793 Firmware Mt8797 Mt8797 Firmware Mt8798 Mt8798 Firmware Mt8910 Mt8910 Firmware
Mediatek, Inc. Mediatek Chipset
cve-icon MITRE

Status: PUBLISHED

Assigner: MediaTek

Published:

Updated: 2026-06-02T03:55:40.620Z

Reserved: 2025-11-03T01:30:59.014Z

Link: CVE-2026-20454

cve-icon Vulnrichment

Updated: 2026-06-01T11:04:24.407Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-01T04:16:22.033

Modified: 2026-06-01T18:09:44.583

Link: CVE-2026-20454

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-01T15:15:30Z

Weaknesses
  • CWE-367

    Time-of-check Time-of-use (TOCTOU) Race Condition