Description
In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10873936; Issue ID: MSV-6784.
Published: 2026-06-01
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an out‑of‑bounds write in MediaTek’s geniezone component where a missing bounds check could corrupt adjacent memory. An attacker who already has system privilege could exploit this to overwrite critical data, leading to local privilege escalation. The weakness corresponds to CWE‑787.

Affected Systems

Affected hardware is any MediaTek chipset that includes the geniezone firmware, as identified by MediaTek’s product security bulletin for June 2026. No specific versions were enumerated, so all current releases that contain the vulnerable implementation are potentially impacted.

Risk and Exploitability

The vulnerability does not require user interaction and can be triggered locally. No EPSS or CVSS scores are available, and the issue is not listed in the CISA KEV catalog, indicating no current known exploits. However, given its local privilege escalation nature, any compromised device could leverage it to gain full control.

Generated by OpenCVE AI on June 1, 2026 at 05:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply MediaTek patch ALPS10873936 identified in their bulletin.
  • Reboot the device after patching to clear any corrupted memory.
  • If patch is unavailable, upgrade to the latest chipset firmware that incorporates the fix.
  • As a temporary measure, restrict or disable geniezone functionality if possible to prevent the exploit from being reached.

Generated by OpenCVE AI on June 1, 2026 at 05:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 06:45:00 +0000

Type Values Removed Values Added
First Time appeared Mediatek, Inc.
Mediatek, Inc. mediatek Chipset
Vendors & Products Mediatek, Inc.
Mediatek, Inc. mediatek Chipset

Mon, 01 Jun 2026 05:45:00 +0000

Type Values Removed Values Added
Title Out of Bounds Write in MediaTek Geniezone Allows Local Privilege Escalation

Mon, 01 Jun 2026 04:00:00 +0000

Type Values Removed Values Added
Description In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10873936; Issue ID: MSV-6784.
Weaknesses CWE-787
References

Subscriptions

Mediatek, Inc. Mediatek Chipset
cve-icon MITRE

Status: PUBLISHED

Assigner: MediaTek

Published:

Updated: 2026-06-01T03:20:12.838Z

Reserved: 2025-11-03T01:30:59.014Z

Link: CVE-2026-20455

cve-icon Vulnrichment

Updated: 2026-06-01T11:06:24.811Z

cve-icon NVD

Status : Received

Published: 2026-06-01T04:16:22.163

Modified: 2026-06-01T04:16:22.163

Link: CVE-2026-20455

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-01T06:30:21Z

Weaknesses