CVE-2025-20800
BaseFortify
Publication date: 2026-01-06
Last updated on: 2026-01-08
Assigner: MediaTek, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | 14.0 | |
| android | 15.0 | |
| android | 16.0 | |
| mediatek | mt2718 | * |
| mediatek | mt6899 | * |
| mediatek | mt6989 | * |
| mediatek | mt6991 | * |
| mediatek | mt8678 | * |
| mediatek | mt8793 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Apply the patch identified as ALPS10267349 to fix the out of bounds write vulnerability in mminfra. Since the vulnerability allows local escalation of privilege, ensure that only trusted users have System privilege until the patch is applied.
Can you explain this vulnerability to me?
This vulnerability in mminfra is due to a missing bounds check that allows an out of bounds write. This means that the software does not properly verify the limits of data being written, which can lead to memory corruption. Exploiting this flaw could enable a local attacker who already has System privileges to escalate their privileges further.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow a malicious actor with existing System privileges to escalate their privileges locally, potentially gaining higher-level access or control over the affected system. This could lead to unauthorized actions or compromise of system integrity.