CVE-2026-20415
BaseFortify
Publication date: 2026-02-02
Last updated on: 2026-02-03
Assigner: MediaTek, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | 15.0 | |
| mediatek | mt6897 | * |
| mediatek | mt6989 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-667 | The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors. |
| CWE-415 | The product calls free() twice on the same memory address. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in imgsys and is caused by improper locking, which can lead to memory corruption. It can be exploited locally by a malicious actor who already has System privilege, without requiring any user interaction.
How can this vulnerability impact me? :
The vulnerability can lead to a local denial of service condition, potentially disrupting system operations if exploited by someone with System privileges.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch identified as ALPS10363254 to fix the memory corruption issue in imgsys. Since the vulnerability requires System privilege and no user interaction, ensure that only trusted users have System privileges and monitor for any suspicious activity until the patch is applied.