Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2026-AVI-0231
Vulnerability from certfr_avis - Published: 2026-03-03 - Updated: 2026-03-03
De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Google indique que la vulnérabilité CVE-2026-21385 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Android versions ant\u00e9rieures \u00e0 14, 15, 16, 16-qpr2 avant le correctif du 1 mars 2026",
"product": {
"name": "Android",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-61612",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61612"
},
{
"name": "CVE-2026-0005",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0005"
},
{
"name": "CVE-2026-20403",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20403"
},
{
"name": "CVE-2025-58409",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58409"
},
{
"name": "CVE-2025-48644",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48644"
},
{
"name": "CVE-2025-48544",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48544"
},
{
"name": "CVE-2026-20425",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20425"
},
{
"name": "CVE-2025-47398",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47398"
},
{
"name": "CVE-2026-0015",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0015"
},
{
"name": "CVE-2026-20422",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20422"
},
{
"name": "CVE-2025-64783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64783"
},
{
"name": "CVE-2026-0026",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0026"
},
{
"name": "CVE-2026-0014",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0014"
},
{
"name": "CVE-2026-20406",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20406"
},
{
"name": "CVE-2025-48577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48577"
},
{
"name": "CVE-2024-43766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43766"
},
{
"name": "CVE-2025-58407",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58407"
},
{
"name": "CVE-2026-21735",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21735"
},
{
"name": "CVE-2026-0013",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0013"
},
{
"name": "CVE-2025-47388",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47388"
},
{
"name": "CVE-2025-61616",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61616"
},
{
"name": "CVE-2025-58411",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58411"
},
{
"name": "CVE-2025-47339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47339"
},
{
"name": "CVE-2025-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2879"
},
{
"name": "CVE-2026-20426",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20426"
},
{
"name": "CVE-2026-0030",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0030"
},
{
"name": "CVE-2025-48578",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48578"
},
{
"name": "CVE-2026-20428",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20428"
},
{
"name": "CVE-2025-48568",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48568"
},
{
"name": "CVE-2025-48641",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48641"
},
{
"name": "CVE-2025-47366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47366"
},
{
"name": "CVE-2025-48650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48650"
},
{
"name": "CVE-2026-0011",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0011"
},
{
"name": "CVE-2026-20420",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20420"
},
{
"name": "CVE-2026-0023",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0023"
},
{
"name": "CVE-2026-20401",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20401"
},
{
"name": "CVE-2026-0017",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0017"
},
{
"name": "CVE-2025-58408",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58408"
},
{
"name": "CVE-2025-47397",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47397"
},
{
"name": "CVE-2025-13952",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13952"
},
{
"name": "CVE-2026-0031",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0031"
},
{
"name": "CVE-2025-47395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47395"
},
{
"name": "CVE-2026-20404",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20404"
},
{
"name": "CVE-2026-0020",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0020"
},
{
"name": "CVE-2025-48630",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48630"
},
{
"name": "CVE-2025-48585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48585"
},
{
"name": "CVE-2025-48635",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48635"
},
{
"name": "CVE-2025-48567",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48567"
},
{
"name": "CVE-2025-48574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48574"
},
{
"name": "CVE-2026-0035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0035"
},
{
"name": "CVE-2026-0024",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0024"
},
{
"name": "CVE-2025-64893",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64893"
},
{
"name": "CVE-2025-48634",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48634"
},
{
"name": "CVE-2025-47396",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47396"
},
{
"name": "CVE-2025-48653",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48653"
},
{
"name": "CVE-2026-0032",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0032"
},
{
"name": "CVE-2026-20427",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20427"
},
{
"name": "CVE-2025-38616",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38616"
},
{
"name": "CVE-2025-69279",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69279"
},
{
"name": "CVE-2026-20434",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20434"
},
{
"name": "CVE-2025-48642",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48642"
},
{
"name": "CVE-2026-0025",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0025"
},
{
"name": "CVE-2025-20761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20761"
},
{
"name": "CVE-2025-10865",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10865"
},
{
"name": "CVE-2025-48587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48587"
},
{
"name": "CVE-2026-0038",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0038"
},
{
"name": "CVE-2025-48619",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48619"
},
{
"name": "CVE-2025-47378",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47378"
},
{
"name": "CVE-2025-48613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48613"
},
{
"name": "CVE-2025-47402",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47402"
},
{
"name": "CVE-2025-47346",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47346"
},
{
"name": "CVE-2026-0006",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0006"
},
{
"name": "CVE-2025-40266",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40266"
},
{
"name": "CVE-2025-69278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69278"
},
{
"name": "CVE-2026-20421",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20421"
},
{
"name": "CVE-2025-48646",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48646"
},
{
"name": "CVE-2025-48609",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48609"
},
{
"name": "CVE-2025-47394",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47394"
},
{
"name": "CVE-2025-48631",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48631"
},
{
"name": "CVE-2026-0010",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0010"
},
{
"name": "CVE-2025-61614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61614"
},
{
"name": "CVE-2025-32313",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32313"
},
{
"name": "CVE-2026-20402",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20402"
},
{
"name": "CVE-2026-21385",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21385"
},
{
"name": "CVE-2025-47385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47385"
},
{
"name": "CVE-2026-0007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0007"
},
{
"name": "CVE-2025-20794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20794"
},
{
"name": "CVE-2026-0034",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0034"
},
{
"name": "CVE-2026-0012",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0012"
},
{
"name": "CVE-2026-0008",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0008"
},
{
"name": "CVE-2026-0047",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0047"
},
{
"name": "CVE-2024-43859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43859"
},
{
"name": "CVE-2025-48602",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48602"
},
{
"name": "CVE-2025-61615",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61615"
},
{
"name": "CVE-2026-0028",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0028"
},
{
"name": "CVE-2025-48654",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48654"
},
{
"name": "CVE-2025-48605",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48605"
},
{
"name": "CVE-2025-47348",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47348"
},
{
"name": "CVE-2025-20795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20795"
},
{
"name": "CVE-2025-59600",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59600"
},
{
"name": "CVE-2025-20760",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20760"
},
{
"name": "CVE-2025-64784",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64784"
},
{
"name": "CVE-2025-61613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61613"
},
{
"name": "CVE-2025-20762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20762"
},
{
"name": "CVE-2025-38618",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38618"
},
{
"name": "CVE-2025-20793",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20793"
},
{
"name": "CVE-2025-48582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48582"
},
{
"name": "CVE-2026-0027",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0027"
},
{
"name": "CVE-2025-39946",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39946"
},
{
"name": "CVE-2026-0021",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0021"
},
{
"name": "CVE-2025-39682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39682"
},
{
"name": "CVE-2026-0037",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0037"
},
{
"name": "CVE-2025-48645",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48645"
},
{
"name": "CVE-2025-48579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48579"
},
{
"name": "CVE-2026-20405",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20405"
},
{
"name": "CVE-2026-0029",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0029"
}
],
"initial_release_date": "2026-03-03T00:00:00",
"last_revision_date": "2026-03-03T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0231",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nGoogle indique que la vuln\u00e9rabilit\u00e9 CVE-2026-21385 est activement exploit\u00e9e.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
"vendor_advisories": [
{
"published_at": "2026-03-02",
"title": "Bulletin de s\u00e9curit\u00e9 Google Android",
"url": "https://source.android.com/docs/security/bulletin/2026/2026-03-01?hl=fr"
}
]
}
CVE-2024-43766 (GCVE-0-2024-43766)
Vulnerability from cvelistv5 – Published: 2026-03-02 18:41 – Updated: 2026-03-06 03:11
VLAI
EPSS
Summary
In multiple functions of btm_ble_sec.cc, there is a possible unencrypted communication due to Invalid error handling. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
6.5 (Medium)
CWE
- Information disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://source.android.com/docs/security/bulletin… | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-43766",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T20:23:03.720281Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T20:23:08.177Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "16"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn multiple functions of btm_ble_sec.cc, there is a possible unencrypted communication due to Invalid error handling. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/p\u003e"
}
],
"value": "In multiple functions of btm_ble_sec.cc, there is a possible unencrypted communication due to Invalid error handling. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T03:11:34.257Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://source.android.com/docs/security/bulletin/2026/2026-03-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "cvelib 1.7.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2024-43766",
"datePublished": "2026-03-02T18:41:56.729Z",
"dateReserved": "2024-08-15T20:40:04.309Z",
"dateUpdated": "2026-03-06T03:11:34.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-43859 (GCVE-0-2024-43859)
Vulnerability from cvelistv5 – Published: 2024-08-17 09:24 – Updated: 2026-05-11 20:31
VLAI
EPSS
Title
f2fs: fix to truncate preallocated blocks in f2fs_file_open()
Summary
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to truncate preallocated blocks in f2fs_file_open()
chenyuwen reports a f2fs bug as below:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000011
fscrypt_set_bio_crypt_ctx+0x78/0x1e8
f2fs_grab_read_bio+0x78/0x208
f2fs_submit_page_read+0x44/0x154
f2fs_get_read_data_page+0x288/0x5f4
f2fs_get_lock_data_page+0x60/0x190
truncate_partial_data_page+0x108/0x4fc
f2fs_do_truncate_blocks+0x344/0x5f0
f2fs_truncate_blocks+0x6c/0x134
f2fs_truncate+0xd8/0x200
f2fs_iget+0x20c/0x5ac
do_garbage_collect+0x5d0/0xf6c
f2fs_gc+0x22c/0x6a4
f2fs_disable_checkpoint+0xc8/0x310
f2fs_fill_super+0x14bc/0x1764
mount_bdev+0x1b4/0x21c
f2fs_mount+0x20/0x30
legacy_get_tree+0x50/0xbc
vfs_get_tree+0x5c/0x1b0
do_new_mount+0x298/0x4cc
path_mount+0x33c/0x5fc
__arm64_sys_mount+0xcc/0x15c
invoke_syscall+0x60/0x150
el0_svc_common+0xb8/0xf8
do_el0_svc+0x28/0xa0
el0_svc+0x24/0x84
el0t_64_sync_handler+0x88/0xec
It is because inode.i_crypt_info is not initialized during below path:
- mount
- f2fs_fill_super
- f2fs_disable_checkpoint
- f2fs_gc
- f2fs_iget
- f2fs_truncate
So, let's relocate truncation of preallocated blocks to f2fs_file_open(),
after fscrypt_file_open().
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
d4dd19ec1ea0cf6532d65709325c42b1398614a8 , < 5f04969136db674f133781626e0b692c5f2bf2f0
(git)
Affected: d4dd19ec1ea0cf6532d65709325c42b1398614a8 , < f44a25a8bfe0c15d33244539696cd9119cf44d18 (git) Affected: d4dd19ec1ea0cf6532d65709325c42b1398614a8 , < 3ba0ae885215b325605ff7ebf6de12ac2adf204d (git) Affected: d4dd19ec1ea0cf6532d65709325c42b1398614a8 , < 298b1e4182d657c3e388adcc29477904e9600ed5 (git) |
|
| Linux | Linux |
Affected:
5.17
Unaffected: 0 , < 5.17 (semver) Unaffected: 6.1.109 , ≤ 6.1.* (semver) Unaffected: 6.6.44 , ≤ 6.6.* (semver) Unaffected: 6.10.3 , ≤ 6.10.* (semver) Unaffected: 6.11 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43859",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:06:58.538280Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:20.155Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:06:00.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/f2fs/f2fs.h",
"fs/f2fs/file.c",
"fs/f2fs/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5f04969136db674f133781626e0b692c5f2bf2f0",
"status": "affected",
"version": "d4dd19ec1ea0cf6532d65709325c42b1398614a8",
"versionType": "git"
},
{
"lessThan": "f44a25a8bfe0c15d33244539696cd9119cf44d18",
"status": "affected",
"version": "d4dd19ec1ea0cf6532d65709325c42b1398614a8",
"versionType": "git"
},
{
"lessThan": "3ba0ae885215b325605ff7ebf6de12ac2adf204d",
"status": "affected",
"version": "d4dd19ec1ea0cf6532d65709325c42b1398614a8",
"versionType": "git"
},
{
"lessThan": "298b1e4182d657c3e388adcc29477904e9600ed5",
"status": "affected",
"version": "d4dd19ec1ea0cf6532d65709325c42b1398614a8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/f2fs/f2fs.h",
"fs/f2fs/file.c",
"fs/f2fs/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.109",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.109",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to truncate preallocated blocks in f2fs_file_open()\n\nchenyuwen reports a f2fs bug as below:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000011\n fscrypt_set_bio_crypt_ctx+0x78/0x1e8\n f2fs_grab_read_bio+0x78/0x208\n f2fs_submit_page_read+0x44/0x154\n f2fs_get_read_data_page+0x288/0x5f4\n f2fs_get_lock_data_page+0x60/0x190\n truncate_partial_data_page+0x108/0x4fc\n f2fs_do_truncate_blocks+0x344/0x5f0\n f2fs_truncate_blocks+0x6c/0x134\n f2fs_truncate+0xd8/0x200\n f2fs_iget+0x20c/0x5ac\n do_garbage_collect+0x5d0/0xf6c\n f2fs_gc+0x22c/0x6a4\n f2fs_disable_checkpoint+0xc8/0x310\n f2fs_fill_super+0x14bc/0x1764\n mount_bdev+0x1b4/0x21c\n f2fs_mount+0x20/0x30\n legacy_get_tree+0x50/0xbc\n vfs_get_tree+0x5c/0x1b0\n do_new_mount+0x298/0x4cc\n path_mount+0x33c/0x5fc\n __arm64_sys_mount+0xcc/0x15c\n invoke_syscall+0x60/0x150\n el0_svc_common+0xb8/0xf8\n do_el0_svc+0x28/0xa0\n el0_svc+0x24/0x84\n el0t_64_sync_handler+0x88/0xec\n\nIt is because inode.i_crypt_info is not initialized during below path:\n- mount\n - f2fs_fill_super\n - f2fs_disable_checkpoint\n - f2fs_gc\n - f2fs_iget\n - f2fs_truncate\n\nSo, let\u0027s relocate truncation of preallocated blocks to f2fs_file_open(),\nafter fscrypt_file_open()."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:31:12.161Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5f04969136db674f133781626e0b692c5f2bf2f0"
},
{
"url": "https://git.kernel.org/stable/c/f44a25a8bfe0c15d33244539696cd9119cf44d18"
},
{
"url": "https://git.kernel.org/stable/c/3ba0ae885215b325605ff7ebf6de12ac2adf204d"
},
{
"url": "https://git.kernel.org/stable/c/298b1e4182d657c3e388adcc29477904e9600ed5"
}
],
"title": "f2fs: fix to truncate preallocated blocks in f2fs_file_open()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43859",
"datePublished": "2024-08-17T09:24:28.672Z",
"dateReserved": "2024-08-17T09:11:59.279Z",
"dateUpdated": "2026-05-11T20:31:12.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10865 (GCVE-0-2025-10865)
Vulnerability from cvelistv5 – Published: 2026-01-13 17:26 – Updated: 2026-01-14 14:36
VLAI
EPSS
Title
GPU DDK - DevmemIntGetReservationData does not ref the PMR it returns
Summary
Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of reference counting to cause a potential use after free.
Improper reference counting on an internal resource caused scenario where potential for use after free was present.
Severity
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Imagination Technologies | Graphics DDK |
Affected:
1.15 RTM
(custom)
Affected: 1.17 RTM (custom) Affected: 1.18 RTM (custom) Affected: 23.2 RTM , ≤ 25.2 RTM (custom) Unaffected: 25.3 RTM (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-10865",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T14:36:09.762443Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T14:36:47.473Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"Linux",
"Android"
],
"product": "Graphics DDK",
"vendor": "Imagination Technologies",
"versions": [
{
"status": "affected",
"version": "1.15 RTM",
"versionType": "custom"
},
{
"status": "affected",
"version": "1.17 RTM",
"versionType": "custom"
},
{
"status": "affected",
"version": "1.18 RTM",
"versionType": "custom"
},
{
"lessThanOrEqual": "25.2 RTM",
"status": "affected",
"version": "23.2 RTM",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "25.3 RTM",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of reference counting to cause a potential use after free.\u003cbr\u003e\u003cbr\u003eImproper reference counting on an internal resource caused scenario where potential for use after free was present.\u003cbr\u003e"
}
],
"value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of reference counting to cause a potential use after free.\n\nImproper reference counting on an internal resource caused scenario where potential for use after free was present."
}
],
"impacts": [
{
"capecId": "CAPEC-124",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-124: Shared Resource Manipulation"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T17:26:45.523Z",
"orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
"shortName": "imaginationtech"
},
"references": [
{
"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GPU DDK - DevmemIntGetReservationData does not ref the PMR it returns",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
"assignerShortName": "imaginationtech",
"cveId": "CVE-2025-10865",
"datePublished": "2026-01-13T17:26:45.523Z",
"dateReserved": "2025-09-23T07:31:35.940Z",
"dateUpdated": "2026-01-14T14:36:47.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13952 (GCVE-0-2025-13952)
Vulnerability from cvelistv5 – Published: 2026-01-24 02:26 – Updated: 2026-01-26 15:13
VLAI
EPSS
Title
GPU DDK - libusc UAF via WebGPU shaders at MergeConsecutiveBarriersBP
Summary
A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device.
The shader code contained in the web page executes a path in the compiler that held onto an out of date pointer, pointing to a freed memory object.
Severity
9.8 (Critical)
CWE
- CWE-416 - CWE - CWE-416: Use After Free (4.18)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Imagination Technologies | Graphics DDK |
Unaffected:
1.17 RTM
(custom)
Unaffected: 1.18 RTM (custom) Unaffected: 23.2 RTM (custom) Unaffected: 24.1 RTM , ≤ 24.2 RTM (custom) Affected: 25.1 RTM , ≤ 25.2 RTM (custom) Unaffected: 25.3 RTM (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-13952",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-26T15:11:28.356805Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T15:13:20.874Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"Linux",
"Android"
],
"product": "Graphics DDK",
"vendor": "Imagination Technologies",
"versions": [
{
"status": "unaffected",
"version": "1.17 RTM",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.18 RTM",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "23.2 RTM",
"versionType": "custom"
},
{
"lessThanOrEqual": "24.2 RTM",
"status": "unaffected",
"version": "24.1 RTM",
"versionType": "custom"
},
{
"lessThanOrEqual": "25.2 RTM",
"status": "affected",
"version": "25.1 RTM",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "25.3 RTM",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device.\u003cbr\u003e\u003cbr\u003eThe shader code contained in the web page executes a path in the compiler that held onto an out of date pointer, pointing to a freed memory object.\u003cbr\u003e"
}
],
"value": "A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device.\n\nThe shader code contained in the web page executes a path in the compiler that held onto an out of date pointer, pointing to a freed memory object."
}
],
"impacts": [
{
"capecId": "CAPEC-129",
"descriptions": [
{
"lang": "en",
"value": "CAPEC - CAPEC-129: Pointer Manipulation (Version 3.9)"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE - CWE-416: Use After Free (4.18)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-24T02:26:49.238Z",
"orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
"shortName": "imaginationtech"
},
"references": [
{
"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GPU DDK - libusc UAF via WebGPU shaders at MergeConsecutiveBarriersBP",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
"assignerShortName": "imaginationtech",
"cveId": "CVE-2025-13952",
"datePublished": "2026-01-24T02:26:49.238Z",
"dateReserved": "2025-12-03T11:48:53.858Z",
"dateUpdated": "2026-01-26T15:13:20.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20760 (GCVE-0-2025-20760)
Vulnerability from cvelistv5 – Published: 2026-01-06 01:46 – Updated: 2026-03-30 13:04
VLAI
EPSS
Summary
In Modem, there is a possible read of uninitialized heap data due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01676750; Issue ID: MSV-4653.
Severity
6.5 (Medium)
CWE
- CWE-617 - Reachable Assertion
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT2737 Affected: MT6833 Affected: MT6835 Affected: MT6853 Affected: MT6855 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6878 Affected: MT6879 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT6895 Affected: MT6896 Affected: MT6897 Affected: MT6899 Affected: MT6980 Affected: MT6983 Affected: MT6985 Affected: MT6986 Affected: MT6989 Affected: MT6990 Affected: MT6991 Affected: MT6993 Affected: MT8673 Affected: MT8675 Affected: MT8676 Affected: MT8678 Affected: MT8755 Affected: MT8771 Affected: MT8791 Affected: MT8791T Affected: MT8792 Affected: MT8793 Affected: MT8795T Affected: MT8797 Affected: MT8798 Affected: MT8863 Affected: MT8873 Affected: MT8883 Affected: MT8893 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-20760",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T14:21:53.866485Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:19:09.357Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT2737"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6896"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6980"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6986"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6990"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT6993"
},
{
"status": "affected",
"version": "MT8673"
},
{
"status": "affected",
"version": "MT8675"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8678"
},
{
"status": "affected",
"version": "MT8755"
},
{
"status": "affected",
"version": "MT8771"
},
{
"status": "affected",
"version": "MT8791"
},
{
"status": "affected",
"version": "MT8791T"
},
{
"status": "affected",
"version": "MT8792"
},
{
"status": "affected",
"version": "MT8793"
},
{
"status": "affected",
"version": "MT8795T"
},
{
"status": "affected",
"version": "MT8797"
},
{
"status": "affected",
"version": "MT8798"
},
{
"status": "affected",
"version": "MT8863"
},
{
"status": "affected",
"version": "MT8873"
},
{
"status": "affected",
"version": "MT8883"
},
{
"status": "affected",
"version": "MT8893"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible read of uninitialized heap data due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01676750; Issue ID: MSV-4653."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:04:05.777Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/January-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2025-20760",
"datePublished": "2026-01-06T01:46:38.274Z",
"dateReserved": "2024-11-01T01:21:50.398Z",
"dateUpdated": "2026-03-30T13:04:05.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20761 (GCVE-0-2025-20761)
Vulnerability from cvelistv5 – Published: 2026-01-06 01:46 – Updated: 2026-03-30 13:04
VLAI
EPSS
Summary
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01311265; Issue ID: MSV-4655.
Severity
6.5 (Medium)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT2737 Affected: MT6833 Affected: MT6833P Affected: MT6835 Affected: MT6835T Affected: MT6853 Affected: MT6853T Affected: MT6855 Affected: MT6855T Affected: MT6873 Affected: MT6875 Affected: MT6875T Affected: MT6877 Affected: MT6877T Affected: MT6877TT Affected: MT6879 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT6895 Affected: MT6895TT Affected: MT6896 Affected: MT6897 Affected: MT6980 Affected: MT6980D Affected: MT6983 Affected: MT6983T Affected: MT6985 Affected: MT6985T Affected: MT6989 Affected: MT6989T Affected: MT6990 Affected: MT8673 Affected: MT8675 Affected: MT8676 Affected: MT8678 Affected: MT8755 Affected: MT8771 Affected: MT8791 Affected: MT8791T Affected: MT8792 Affected: MT8793 Affected: MT8795T Affected: MT8797 Affected: MT8798 Affected: MT8863 Affected: MT8873 Affected: MT8883 Affected: MT8893 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-20761",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:19:25.340719Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:19:28.516Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT2737"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6833P"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6835T"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6853T"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6855T"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6875T"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6877T"
},
{
"status": "affected",
"version": "MT6877TT"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6895TT"
},
{
"status": "affected",
"version": "MT6896"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6980"
},
{
"status": "affected",
"version": "MT6980D"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6983T"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6985T"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6989T"
},
{
"status": "affected",
"version": "MT6990"
},
{
"status": "affected",
"version": "MT8673"
},
{
"status": "affected",
"version": "MT8675"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8678"
},
{
"status": "affected",
"version": "MT8755"
},
{
"status": "affected",
"version": "MT8771"
},
{
"status": "affected",
"version": "MT8791"
},
{
"status": "affected",
"version": "MT8791T"
},
{
"status": "affected",
"version": "MT8792"
},
{
"status": "affected",
"version": "MT8793"
},
{
"status": "affected",
"version": "MT8795T"
},
{
"status": "affected",
"version": "MT8797"
},
{
"status": "affected",
"version": "MT8798"
},
{
"status": "affected",
"version": "MT8863"
},
{
"status": "affected",
"version": "MT8873"
},
{
"status": "affected",
"version": "MT8883"
},
{
"status": "affected",
"version": "MT8893"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01311265; Issue ID: MSV-4655."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:04:02.542Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/January-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2025-20761",
"datePublished": "2026-01-06T01:46:36.559Z",
"dateReserved": "2024-11-01T01:21:50.398Z",
"dateUpdated": "2026-03-30T13:04:02.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20762 (GCVE-0-2025-20762)
Vulnerability from cvelistv5 – Published: 2026-01-06 01:46 – Updated: 2026-03-30 13:03
VLAI
EPSS
Summary
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01685181; Issue ID: MSV-4760.
Severity
6.5 (Medium)
CWE
- CWE-617 - Reachable Assertion
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT6835
Affected: MT6835T Affected: MT6878 Affected: MT6878M Affected: MT6897 Affected: MT6899 Affected: MT6991 Affected: MT8676 Affected: MT8678 Affected: MT8755 Affected: MT8792 Affected: MT8793 Affected: MT8863 Affected: MT8873 Affected: MT8883 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-20762",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:19:48.872518Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:20:02.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6835T"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6878M"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8678"
},
{
"status": "affected",
"version": "MT8755"
},
{
"status": "affected",
"version": "MT8792"
},
{
"status": "affected",
"version": "MT8793"
},
{
"status": "affected",
"version": "MT8863"
},
{
"status": "affected",
"version": "MT8873"
},
{
"status": "affected",
"version": "MT8883"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01685181; Issue ID: MSV-4760."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:03:59.566Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/January-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2025-20762",
"datePublished": "2026-01-06T01:46:34.913Z",
"dateReserved": "2024-11-01T01:21:50.398Z",
"dateUpdated": "2026-03-30T13:03:59.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20793 (GCVE-0-2025-20793)
Vulnerability from cvelistv5 – Published: 2026-01-06 01:46 – Updated: 2026-03-30 13:03
VLAI
EPSS
Summary
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01430930; Issue ID: MSV-4836.
Severity
6.5 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT2737 Affected: MT6813 Affected: MT6815 Affected: MT6833 Affected: MT6835 Affected: MT6853 Affected: MT6855 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6878 Affected: MT6879 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT6895 Affected: MT6896 Affected: MT6897 Affected: MT6899 Affected: MT6980 Affected: MT6983 Affected: MT6985 Affected: MT6989 Affected: MT6990 Affected: MT6991 Affected: MT6993 Affected: MT8673 Affected: MT8675 Affected: MT8676 Affected: MT8678 Affected: MT8755 Affected: MT8771 Affected: MT8791 Affected: MT8791T Affected: MT8792 Affected: MT8793 Affected: MT8795T Affected: MT8797 Affected: MT8798 Affected: MT8863 Affected: MT8873 Affected: MT8883 Affected: MT8893 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-20793",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:20:39.628921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:20:42.396Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT2737"
},
{
"status": "affected",
"version": "MT6813"
},
{
"status": "affected",
"version": "MT6815"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6896"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6980"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6990"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT6993"
},
{
"status": "affected",
"version": "MT8673"
},
{
"status": "affected",
"version": "MT8675"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8678"
},
{
"status": "affected",
"version": "MT8755"
},
{
"status": "affected",
"version": "MT8771"
},
{
"status": "affected",
"version": "MT8791"
},
{
"status": "affected",
"version": "MT8791T"
},
{
"status": "affected",
"version": "MT8792"
},
{
"status": "affected",
"version": "MT8793"
},
{
"status": "affected",
"version": "MT8795T"
},
{
"status": "affected",
"version": "MT8797"
},
{
"status": "affected",
"version": "MT8798"
},
{
"status": "affected",
"version": "MT8863"
},
{
"status": "affected",
"version": "MT8873"
},
{
"status": "affected",
"version": "MT8883"
},
{
"status": "affected",
"version": "MT8893"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01430930; Issue ID: MSV-4836."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:03:56.962Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/January-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2025-20793",
"datePublished": "2026-01-06T01:46:33.180Z",
"dateReserved": "2024-11-01T01:21:50.402Z",
"dateUpdated": "2026-03-30T13:03:56.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20794 (GCVE-0-2025-20794)
Vulnerability from cvelistv5 – Published: 2026-01-06 01:46 – Updated: 2026-03-30 13:03
VLAI
EPSS
Summary
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689259 / MOLY01586470; Issue ID: MSV-4847.
Severity
6.5 (Medium)
CWE
- CWE-121 - Stack Overflow
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT2737 Affected: MT6813 Affected: MT6815 Affected: MT6833 Affected: MT6835 Affected: MT6853 Affected: MT6855 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6878 Affected: MT6879 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT6895 Affected: MT6896 Affected: MT6897 Affected: MT6899 Affected: MT6980 Affected: MT6983 Affected: MT6985 Affected: MT6986 Affected: MT6989 Affected: MT6990 Affected: MT6991 Affected: MT6993 Affected: MT8673 Affected: MT8675 Affected: MT8676 Affected: MT8678 Affected: MT8755 Affected: MT8771 Affected: MT8791 Affected: MT8791T Affected: MT8792 Affected: MT8793 Affected: MT8795T Affected: MT8797 Affected: MT8798 Affected: MT8863 Affected: MT8873 Affected: MT8883 Affected: MT8893 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-20794",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:21:10.532009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:21:13.568Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT2737"
},
{
"status": "affected",
"version": "MT6813"
},
{
"status": "affected",
"version": "MT6815"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6896"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6980"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6986"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6990"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT6993"
},
{
"status": "affected",
"version": "MT8673"
},
{
"status": "affected",
"version": "MT8675"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8678"
},
{
"status": "affected",
"version": "MT8755"
},
{
"status": "affected",
"version": "MT8771"
},
{
"status": "affected",
"version": "MT8791"
},
{
"status": "affected",
"version": "MT8791T"
},
{
"status": "affected",
"version": "MT8792"
},
{
"status": "affected",
"version": "MT8793"
},
{
"status": "affected",
"version": "MT8795T"
},
{
"status": "affected",
"version": "MT8797"
},
{
"status": "affected",
"version": "MT8798"
},
{
"status": "affected",
"version": "MT8863"
},
{
"status": "affected",
"version": "MT8873"
},
{
"status": "affected",
"version": "MT8883"
},
{
"status": "affected",
"version": "MT8893"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689259 / MOLY01586470; Issue ID: MSV-4847."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:03:54.464Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/January-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2025-20794",
"datePublished": "2026-01-06T01:46:31.408Z",
"dateReserved": "2024-11-01T01:21:50.403Z",
"dateUpdated": "2026-03-30T13:03:54.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20795 (GCVE-0-2025-20795)
Vulnerability from cvelistv5 – Published: 2026-01-06 01:46 – Updated: 2026-03-30 13:03
VLAI
EPSS
Summary
In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10276761; Issue ID: MSV-5141.
Severity
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2718
Affected: MT6580 Affected: MT6739 Affected: MT6761 Affected: MT6765 Affected: MT6768 Affected: MT6779 Affected: MT6781 Affected: MT6785 Affected: MT6789 Affected: MT6833 Affected: MT6835 Affected: MT6853 Affected: MT6855 Affected: MT6873 Affected: MT6877 Affected: MT6878 Affected: MT6879 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6893 Affected: MT6895 Affected: MT6897 Affected: MT6899 Affected: MT6983 Affected: MT6985 Affected: MT6989 Affected: MT6991 Affected: MT8186 Affected: MT8188 Affected: MT8195 Affected: MT8196 Affected: MT8370 Affected: MT8390 Affected: MT8391 Affected: MT8395 Affected: MT8676 Affected: MT8678 Affected: MT8696 Affected: MT8755 Affected: MT8766 Affected: MT8768 Affected: MT8781 Affected: MT8786 Affected: MT8788E Affected: MT8791T Affected: MT8792 Affected: MT8793 Affected: MT8796 Affected: MT8873 Affected: MT8883 Affected: MT8893 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-20795",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-07T04:55:46.691465Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:59.369Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2718"
},
{
"status": "affected",
"version": "MT6580"
},
{
"status": "affected",
"version": "MT6739"
},
{
"status": "affected",
"version": "MT6761"
},
{
"status": "affected",
"version": "MT6765"
},
{
"status": "affected",
"version": "MT6768"
},
{
"status": "affected",
"version": "MT6779"
},
{
"status": "affected",
"version": "MT6781"
},
{
"status": "affected",
"version": "MT6785"
},
{
"status": "affected",
"version": "MT6789"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT8186"
},
{
"status": "affected",
"version": "MT8188"
},
{
"status": "affected",
"version": "MT8195"
},
{
"status": "affected",
"version": "MT8196"
},
{
"status": "affected",
"version": "MT8370"
},
{
"status": "affected",
"version": "MT8390"
},
{
"status": "affected",
"version": "MT8391"
},
{
"status": "affected",
"version": "MT8395"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8678"
},
{
"status": "affected",
"version": "MT8696"
},
{
"status": "affected",
"version": "MT8755"
},
{
"status": "affected",
"version": "MT8766"
},
{
"status": "affected",
"version": "MT8768"
},
{
"status": "affected",
"version": "MT8781"
},
{
"status": "affected",
"version": "MT8786"
},
{
"status": "affected",
"version": "MT8788E"
},
{
"status": "affected",
"version": "MT8791T"
},
{
"status": "affected",
"version": "MT8792"
},
{
"status": "affected",
"version": "MT8793"
},
{
"status": "affected",
"version": "MT8796"
},
{
"status": "affected",
"version": "MT8873"
},
{
"status": "affected",
"version": "MT8883"
},
{
"status": "affected",
"version": "MT8893"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10276761; Issue ID: MSV-5141."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:03:51.733Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/January-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2025-20795",
"datePublished": "2026-01-06T01:46:29.572Z",
"dateReserved": "2024-11-01T01:21:50.403Z",
"dateUpdated": "2026-03-30T13:03:51.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…