Zero Day MonitorZDM

← Back to list

7.8

CVE-2026-20455

mediatek · mediatek chipset

CVE-2026-20455: In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation

Description

In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10873936; Issue ID: MSV-6784.

Affected Products

Vendor	Product	Versions
mediatek	mediatek chipset	MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8791T, MT8793, MT8797, MT8798, MT8910

References

https://corp.mediatek.com/product-security-bulletin/June-2026

Related News (1 articles)

Tier C

VulDB27d ago

CVE-2026-20455 | MediaTek MT8910 geniezone out-of-bounds write (MSV-6784 / ALPS10873936)

→ No new info (linked only)

CVSS 3.17.8 HIGH

VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

CWECWE-787

PublishedJun 1, 2026

Last enriched27d agov2

Trending Score2

Source articles1

Independent1

Info Completeness7/14

Missing: cvss, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-53097EXP

wifi: mt76: mt7996: fix use-after-free bugs in mt7996_mac_dump_work()

CRITICALCVE-2026-53101

wifi: mt76: mt7921: fix potential deadlock in mt7921_roc_abort_sync

CRITICALCVE-2026-53098

wifi: mt76: mt7915: fix use-after-free bugs in mt7915_mac_dump_work()

HIGHCVE-2026-20452

CVE-2026-20452: In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote (proxi

MEDIUMCVE-2026-20456

CVE-2026-20456: In wlan STA driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of s

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 1, 2026

Discovered by ZDM

Jun 1, 2026

Updated: severity

Jun 1, 2026

Version History

v2

Last enriched 27d ago

v2Tier C27d ago

Updated severity to CRITICAL and confirmed no exploit exists.

severity

via VulDB

v127d ago

Initial creation