MediaTek Keymaster Out-of-Bounds Read Vulnerability Allowing Local Information Disclosure

Vulnerability

A vulnerability has been identified in the Keymaster component of MediaTek chipsets, specifically in the MT9972 series, running Android versions 12.0 and 14.0. The issue arises from a missing bounds check, which creates a potential out-of-bounds read. This vulnerability could lead to local information disclosure, but only if the attacker has already gained System privileges. Notably, exploitation of this vulnerability does not require user interaction.

Impact

Exploitation of this vulnerability could result in unauthorized local information disclosure, potentially allowing an attacker to access sensitive data or system information.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

2.8

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

2.8

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MediaTek Keymaster Out-of-Bounds Read Vulnerability Allowing Local Information Disclosure

Vulnerability

Impact

Affected Products

MediaTek MT9972

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating