CVE-2026-20447_CVE-2026-20447

6.7 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Description

In geniezone, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10724073; Issue ID: MSV-6296.

Basic Information

ID CVE-2026-20447

Source MediaTek

Published May 4, 2026 at 05:41

Modified May 4, 2026 at 12:56

Affected Product

Vendor MediaTek, Inc.

Product MediaTek chipset

Version MT6768

Affected Versions MediaTek, Inc. MediaTek chipset MT6768
MediaTek, Inc. MediaTek chipset MT6789
MediaTek, Inc. MediaTek chipset MT6877
MediaTek, Inc. MediaTek chipset MT6899
MediaTek, Inc. MediaTek chipset MT6989
MediaTek, Inc. MediaTek chipset MT6991
MediaTek, Inc. MediaTek chipset MT6993
MediaTek, Inc. MediaTek chipset MT8196
MediaTek, Inc. MediaTek chipset MT8367
MediaTek, Inc. MediaTek chipset MT8766
MediaTek, Inc. MediaTek chipset MT8768
MediaTek, Inc. MediaTek chipset MT8781
MediaTek, Inc. MediaTek chipset MT8786
MediaTek, Inc. MediaTek chipset MT8788E
MediaTek, Inc. MediaTek chipset MT8791T
MediaTek, Inc. MediaTek chipset MT8793
MediaTek, Inc. MediaTek chipset MT8910

CWE Classification

CWE-125

References

corp.mediatek.com /product-security-bulletin/May-2026

{
    "lastseen": "",
    "description": "In geniezone, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10724073; Issue ID: MSV-6296.",
    "published": "2026-05-04T05:41:51.218Z",
    "modified": "2026-05-04T12:56:24.654Z",
    "type": "cve",
    "title": "CVE-2026-20447",
    "source": "MediaTek",
    "references": "https://corp.mediatek.com/product-security-bulletin/May-2026",
    "id": "CVE-2026-20447",
    "bulletinFamily": "",
    "cwe": [
        "CWE-125"
    ],
    "cvelist": null,
    "sourceData": "MediaTek, Inc. MediaTek chipset MT6768\nMediaTek, Inc. MediaTek chipset MT6789\nMediaTek, Inc. MediaTek chipset MT6877\nMediaTek, Inc. MediaTek chipset MT6899\nMediaTek, Inc. MediaTek chipset MT6989\nMediaTek, Inc. MediaTek chipset MT6991\nMediaTek, Inc. MediaTek chipset MT6993\nMediaTek, Inc. MediaTek chipset MT8196\nMediaTek, Inc. MediaTek chipset MT8367\nMediaTek, Inc. MediaTek chipset MT8766\nMediaTek, Inc. MediaTek chipset MT8768\nMediaTek, Inc. MediaTek chipset MT8781\nMediaTek, Inc. MediaTek chipset MT8786\nMediaTek, Inc. MediaTek chipset MT8788E\nMediaTek, Inc. MediaTek chipset MT8791T\nMediaTek, Inc. MediaTek chipset MT8793\nMediaTek, Inc. MediaTek chipset MT8910",
    "sourceHref": "",
    "cvss": {
        "score": 6.7,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MediaTek chipset",
    "version": "MT6768",
    "vendor": "MediaTek, Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}