CVE-2026-20446
Integer Overflow in Sec Boot Causes Local DoS Without User Interaction
Publication date: 2026-04-07
Last updated on: 2026-04-07
Assigner: MediaTek, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mediatek | mt6813_firmware | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the sec boot component where an integer overflow can cause a possible out of bounds write.
An attacker with physical access to the device and user execution privileges can exploit this flaw.
Exploitation does not require user interaction.
How can this vulnerability impact me? :
The primary impact of this vulnerability is a local denial of service on the affected device.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, apply the patch identified as ALPS09963054 provided by the vendor.
Ensure that physical access to the device is restricted since exploitation requires physical access.