CVE-2025-20747
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-04
Last updated on: 2025-11-05
Assigner: MediaTek, Inc.
Description
Description
In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10010443; Issue ID: MSV-3966.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linuxfoundation | yocto | 4.0 |
| rdkcentral | rdk-b | 2024q1 |
| android | 14.0 | |
| openwrt | openwrt | 21.02.0 |
| openwrt | openwrt | 23.05.0 |
| zephyrproject | zephyr | 3.7.0 |
| mediatek | mt2718 | * |
| mediatek | mt2737 | * |
| mediatek | mt6835 | * |
| mediatek | mt6878 | * |
| mediatek | mt6886 | * |
| mediatek | mt6897 | * |
| mediatek | mt6899 | * |
| mediatek | mt6982 | * |
| mediatek | mt6985 | * |
| mediatek | mt6986 | * |
| mediatek | mt6986d | * |
| mediatek | mt6989 | * |
| mediatek | mt6990 | * |
| mediatek | mt6991 | * |
| mediatek | mt8676 | * |
| mediatek | mt8678 | * |
| mediatek | mt8755 | * |
| mediatek | mt8893 | * |
| android | 15.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
