CVE-2025-20749
6.7
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
Description
In charger, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915493; Issue ID: MSV-3800.
Affected (3)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 14.0 |
| Running on/with | Platform Versions |
|---|---|
Mediatek Mt6789 | All versions |
Mediatek Mt6835 | All versions |
Mediatek Mt6855 | All versions |
Mediatek Mt6878 | All versions |
Mediatek Mt6879 | All versions |
Mediatek Mt6886 | All versions |
Mediatek Mt6897 | All versions |
Mediatek Mt6899 | All versions |
Mediatek Mt6983 | All versions |
Mediatek Mt6985 | All versions |
Mediatek Mt6989 | All versions |
Mediatek Mt6991 | All versions |
Mediatek Mt8169 | All versions |
Mediatek Mt8188 | All versions |
Mediatek Mt8195 | All versions |
Mediatek Mt8196 | All versions |
Mediatek Mt8781 | All versions |
Mediatek Mt8796 | All versions |
Related CWEs
CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
References (1)
Source: security@mediatek.com
Vendor Advisory
Timeline
No history available yet.