CVE-2026-20415

Published: Feb 2, 2026Modified: Feb 3, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

In imgsys, there is a possible memory corruption due to improper locking. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10363254; Issue ID: MSV-5617.

Affected (1)

Products: Google: Android

1 product

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Google Android	Version 15.0

Running on/with	Platform Versions
Mediatek Mt6897	All versions
Mediatek Mt6989	All versions

Related CWEs

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

References (1)

https://corp.mediatek.com/product-security-bulletin/February-2026

Source: security@mediatek.com

Vendor Advisory

Timeline

No history available yet.