Primary

Context

MediaTek WLAN TDLS Driver Elevation of Privilege Vulnerability

Vulnerability

A critical elevation of privilege vulnerability has been identified in the MediaTek WLAN driver, specifically within the TDLS (Tunneled Direct Link Setup) functionality. The issue arises from a missing bounds check, which creates a potential for out-of-bounds write operations. This vulnerability could be exploited remotely, allowing an attacker to escalate privileges without requiring additional execution rights or user interaction. Devices running the Android 2018-06-01 security patch level or earlier are affected.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing a user to gain elevated rights or access on the affected device.

Remediation

Users can update their devices to the June 2018 security patch level to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MediaTek WLAN TDLS Driver Elevation of Privilege Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating