Volerion logoVolerion
Volerion logoVolerion

MediaTek Chipsets Devinfo Information Disclosure Vulnerability

Vulnerability

A vulnerability allowing local information disclosure of device identifiers has been identified in the devinfo component of certain MediaTek chipsets. This issue arises from a missing SELinux policy, which creates a potential for unauthorized access to sensitive device information. The vulnerability affects multiple chipsets, including MT6580, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8175, MT8195, MT8196, MT8321, MT8365, MT8370, MT8385, MT8390, MT8395, MT8666, MT8667, MT8673, MT8678, MT8765, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788, MT8788E, MT8789, MT8791T, MT8795T, MT8796, MT8797, MT8798, MT8893. The vulnerability is present in software versions Android 13.0, 14.0, and 15.0.

Impact

Exploitation of this vulnerability could lead to unauthorized local access to device identifiers, potentially allowing for tracking or identification of the device.

Remediation

MediaTek has issued a patch for this vulnerability, which can be applied by device manufacturers. Instructions for applying the patch are available through MediaTek's official channels.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
8.4
impact
2.5
exploitability
4.7
remediation
0.0
relevance
0.0
threat
0.0
urgency
2.9
incentive
0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.