CVE-2025-20776
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-12-02
Last updated on: 2025-12-03
Assigner: MediaTek, Inc.
Description
Description
In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184297; Issue ID: MSV-4759.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | 14.0 | |
| android | 15.0 | |
| android | 16.0 | |
| mediatek | mt6739 | * |
| mediatek | mt6761 | * |
| mediatek | mt6765 | * |
| mediatek | mt6768 | * |
| mediatek | mt6781 | * |
| mediatek | mt6789 | * |
| mediatek | mt6833 | * |
| mediatek | mt6835 | * |
| mediatek | mt6853 | * |
| mediatek | mt6855 | * |
| mediatek | mt6877 | * |
| mediatek | mt6878 | * |
| mediatek | mt6879 | * |
| mediatek | mt6883 | * |
| mediatek | mt6885 | * |
| mediatek | mt6886 | * |
| mediatek | mt6889 | * |
| mediatek | mt6893 | * |
| mediatek | mt6895 | * |
| mediatek | mt6897 | * |
| mediatek | mt6899 | * |
| mediatek | mt6983 | * |
| mediatek | mt6985 | * |
| mediatek | mt6989 | * |
| mediatek | mt6991 | * |
| mediatek | mt8186 | * |
| mediatek | mt8188 | * |
| mediatek | mt8196 | * |
| mediatek | mt8667 | * |
| mediatek | mt8673 | * |
| mediatek | mt8676 | * |
| mediatek | mt8678 | * |
| mediatek | mt8765 | * |
| mediatek | mt8766 | * |
| mediatek | mt8768 | * |
| mediatek | mt8771 | * |
| mediatek | mt8781 | * |
| mediatek | mt8791t | * |
| mediatek | mt8792 | * |
| mediatek | mt8793 | * |
| mediatek | mt8795t | * |
| mediatek | mt8796 | * |
| mediatek | mt8798 | * |
| mediatek | mt8873 | * |
| mediatek | mt8883 | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out of bounds read in the display component caused by a missing bounds check. It allows reading memory outside the intended buffer limits.
How can this vulnerability impact me? :
If a malicious actor has already obtained System privilege, this vulnerability could lead to local escalation of privilege, potentially allowing the attacker to gain higher-level access on the system without user interaction.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch identified as ALPS10184297 to fix the out of bounds read issue and prevent local escalation of privilege.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70