CVE-2026-20451
Out of Bounds Write in slbc Local Privilege Escalation
Publication date: 2026-05-04
Last updated on: 2026-05-04
Assigner: MediaTek, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mediatek | slbc | to ALPS10828685 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-843 | The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Mediatek slbc component and is caused by a possible out of bounds write due to type confusion.
Type confusion occurs when a program mistakenly treats a piece of memory as a different type than it actually is, which can lead to unexpected behavior such as writing data outside the intended memory boundaries.
Exploiting this vulnerability could allow a malicious actor who already has System privilege to escalate their privileges locally without requiring any user interaction.
How can this vulnerability impact me? :
If exploited, this vulnerability could lead to local escalation of privilege, meaning an attacker with existing System privileges could gain higher or unauthorized privileges on the affected system.
This could allow the attacker to perform actions that are normally restricted, potentially compromising system integrity and security.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, apply the security patch identified as ALPS10828685 provided by MediaTek.
Since the vulnerability allows local escalation of privilege without user interaction, ensuring that your system is updated with the latest patches is critical.