2469 matches found
CVE-2025-20641
CVE-2025-20641 affects the DA module in MediaTek chipsets, where a missing bounds check can cause an out-of-bounds write. This could enable local privilege escalation if an attacker has physical access, with user interaction required for exploitation. The public description consistently notes the...
CVE-2025-20640
In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issu...
CVE-2025-20640
CVE-2025-20640 affects MediaTek chipsets’ DA module, where a missing bounds check enables an out-of-bounds read. This could cause local information disclosure when an attacker has physical device access; exploitation requires user interaction but no privileges beyond being present. Impact is desc...
CVE-2025-20639
In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146;...
CVE-2025-20638
In DA, there is a possible read of uninitialized heap data due to uninitialized data. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID:...
CVE-2025-20638
CVE-2025-20638 concerns MediaTek chipsets where the DA module exposes a read of uninitialized heap data, enabling local information disclosure. Root cause: uninitialized data in the DA module. Impact: potential leakage of heap contents if an attacker gains physical access; exploitation requires u...
CVE-2024-20142
CVE-2024-20142 concerns MediaTek MT8893 V5 DA where a missing bounds check in the V5 DA module can cause an out-of-bounds write. The resulting impact is local escalation of privilege if an attacker gains physical access to the device; exploitation requires user interaction. The initial documents ...
CVE-2024-20142
In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291406;...
CVE-2024-20141
In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291402;...
CVE-2024-20141
MediaTek MT8893 V5 DA module (MediaTek DA) contains an out-of-bounds write due to a missing bounds check, enabling local privilege escalation with physical access. Exploitation requires user interaction; no remote/vector details provided. Patch ALPS09291402 (MSV-2073) addresses this issue. Refere...
CVE-2025-20637
In network HW, there is a possible system hang due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00399035; Issue ID: MSV-2380...
CVE-2025-20636
In secmem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09403554; Issue ID: MSV-2431...
CVE-2025-20636
CVE-2025-20636 involves MediaTek MT8798 secmem module where a missing bounds check can cause an out-of-bounds write. This could enable local privilege escalation if an attacker already has System privileges, with no user interaction required. The available references list a patch: ALPS09403554 (M...
CVE-2025-20636
In secmem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09403554; Issue ID: MSV-2431...
CVE-2025-20635
In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09403752;...
CVE-2025-20635
CVE-2025-20635 concerns MediaTek V6 DA with a missing bounds check in the DA module, enabling a possible out-of-bounds write and local elevation of privilege if an attacker has physical access to the device. Exploitation requires user interaction; no remote/vector details are provided. The patch ...
CVE-2025-20631
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00397141; Issue ID: MSV-2187...
CVE-2025-20633
In MediaTek WLAN AP driver, CVE-2025-20633 describes a bound-check error causing an out-of-bounds write that could enable remote code execution without user interaction. Impact is high (C/H/I/A = 8.8 CVSS). The issue affects MediaTek MT7603/MT7615/MT7622/MT7915/related WLAN AP driver code paths a...
CVE-2024-20152
In wlan STA driver, there is a possible reachable assertion due to improper exception handling. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00389047 / ALPS09136505; Issue...
CVE-2024-20150
In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01412526; Issue ID: MSV-2018...