CVE-2026-20454
Analyzed - Analysis Complete
Out of Bounds Write in GenieZone Due to Race Condition

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: MediaTek, Inc.

Description
In geniezone, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10873936; Issue ID: MSV-6786.
Meta Information
Published: 2026-06-01
Last Modified: 2026-06-01
Generated: 2026-06-21
AI Q&A: 2026-06-01
EPSS Evaluated: 2026-06-20
Affected Vendors & Products
Showing 36 associated CPEs
Vendor Product Version / Range
mediatek mt6739_firmware *
mediatek mt6761_firmware *
mediatek mt6765_firmware *
mediatek mt6768_firmware *
mediatek mt6781_firmware *
mediatek mt6789_firmware *
mediatek mt6835_firmware *
mediatek mt6853_firmware *
mediatek mt6855_firmware *
mediatek mt6877_firmware *
mediatek mt6878_firmware *
mediatek mt6879_firmware *
mediatek mt6883_firmware *
mediatek mt6885_firmware *
mediatek mt6886_firmware *
mediatek mt6889_firmware *
mediatek mt6893_firmware *
mediatek mt6895_firmware *
mediatek mt6897_firmware *
mediatek mt6899_firmware *
mediatek mt6983_firmware *
mediatek mt6985_firmware *
mediatek mt6989_firmware *
mediatek mt6991_firmware *
mediatek mt8673_firmware *
mediatek mt8765_firmware *
mediatek mt8766_firmware *
mediatek mt8768_firmware *
mediatek mt8781_firmware *
mediatek mt8786_firmware *
mediatek mt8788_firmware *
mediatek mt8791t_firmware *
mediatek mt8793_firmware *
mediatek mt8797_firmware *
mediatek mt8798_firmware *
mediatek mt8910_firmware *
CWE ID Description
CWE-367 The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
Executive Summary

This vulnerability exists in geniezone and is caused by a race condition that leads to a possible out of bounds write.

An out of bounds write means that the program writes data outside the boundaries of allocated memory, which can corrupt data or cause unexpected behavior.

The race condition is of the check-then-use kind (CWE-367): the state of a shared resource is checked, then changes through concurrent access before it is used, so the earlier check no longer holds.

Exploitation of this vulnerability could allow a malicious actor who already has System privilege to escalate their privileges locally.

User interaction is not required to exploit this vulnerability.

Impact Analysis

If exploited, this vulnerability can lead to local escalation of privilege for an attacker who already has System privilege.

This means an attacker with System-level access could gain even higher privileges or perform unauthorized actions on the affected system.

Since user interaction is not needed, the vulnerability could be exploited silently and potentially compromise system integrity.

Mitigation Strategies

To mitigate this vulnerability, apply the security patch identified as ALPS10873936 provided by MediaTek.

Because exploitation requires that the attacker already hold System privilege, ensure that only trusted users have System privileges to reduce risk.
