CVE-2026-20441
Out-of-Bounds Write in MAE Causes Local Privilege Escalation
Publication date: 2026-03-02
Last updated on: 2026-03-03
Assigner: MediaTek, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | 15.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in MAE and is caused by a missing bounds check, which leads to a possible out-of-bounds write.
An out-of-bounds write means that the software writes data outside the allocated memory area, which can corrupt data or control flow.
Exploitation of this vulnerability can result in local escalation of privilege, meaning a user who already has System privilege could gain higher or unauthorized privileges.
No user interaction is needed to exploit this vulnerability.
How can this vulnerability impact me?
If exploited, this vulnerability can allow a malicious actor with existing System privilege to escalate their privileges further locally.
This could lead to unauthorized access or control over system components or data, potentially compromising system integrity and security.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know