CVE-2025-20697
BaseFortify
Publication date: 2025-08-04
Last updated on: 2025-08-18
Assigner: MediaTek, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | 15.0 | |
| mediatek | mt2718 | * |
| mediatek | mt6761 | * |
| mediatek | mt6765 | * |
| mediatek | mt6768 | * |
| mediatek | mt6853 | * |
| mediatek | mt6855 | * |
| mediatek | mt6877 | * |
| mediatek | mt6878 | * |
| mediatek | mt6879 | * |
| mediatek | mt6883 | * |
| mediatek | mt6885 | * |
| mediatek | mt6889 | * |
| mediatek | mt6893 | * |
| mediatek | mt6897 | * |
| mediatek | mt6989 | * |
| mediatek | mt6991 | * |
| mediatek | mt8186 | * |
| mediatek | mt8196 | * |
| mediatek | mt8391 | * |
| mediatek | mt8678 | * |
| mediatek | mt8775 | * |
| mediatek | mt8786 | * |
| mediatek | mt8788e | * |
| mediatek | mt8792 | * |
| mediatek | mt8796 | * |
| mediatek | mt8873 | * |
| mediatek | mt8883 | * |
| mediatek | mt8893 | * |
| android | 14.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out of bounds write in the Power HAL component caused by a missing bounds check. It can allow a local attacker who already has System privilege to escalate their privileges further. Exploitation does not require user interaction.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow a malicious actor with System privilege to escalate their privileges locally, potentially gaining higher control over the affected system.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch identified as ALPS09915681 to fix the out of bounds write vulnerability in the Power HAL component.