CVE-2026-20454
Out of Bounds Write in GenieZone Due to Race Condition
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: MediaTek, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mediatek | geniezone | From ALPS10873936 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-367 | The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in geniezone and is caused by a race condition that leads to a possible out of bounds write.
An out of bounds write means that the program writes data outside the boundaries of allocated memory, which can corrupt data or cause unexpected behavior.
The race condition implies that the vulnerability occurs when multiple processes or threads access shared data concurrently in an unsafe way.
Exploitation of this vulnerability could allow a malicious actor who already has System privilege to escalate their privileges locally.
User interaction is not required to exploit this vulnerability.
How can this vulnerability impact me? :
If exploited, this vulnerability can lead to local escalation of privilege for an attacker who already has System privilege.
This means an attacker with System-level access could gain even higher privileges or perform unauthorized actions on the affected system.
Since user interaction is not needed, the vulnerability could be exploited silently and potentially compromise system integrity.