Volerion logoVolerion
Volerion logoVolerion

MediaTek Power HAL Out-of-Bounds Write Vulnerability Allowing Privilege Escalation

Vulnerability

A vulnerability has been identified in the Power Hardware Abstraction Layer (HAL) of certain MediaTek chipsets, including the MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8186, MT8196, MT8391, MT8676, MT8678, MT8775, MT8786, MT8788E, MT8792, MT8796, MT8873, MT8883, MT8893. The vulnerability arises from a missing bounds check, leading to a possible out-of-bounds write. This issue could allow local escalation of privilege, but only if the attacker has already obtained System privileges. Exploitation does not require user interaction.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing a user with System privileges to gain elevated rights or access within the operating system.

Remediation

MediaTek has issued a patch for this vulnerability, which can be applied by device manufacturers. Instructions for applying the patch are available through MediaTek's official channels.

Added: Aug 4, 2025, 2:18 AM
Updated: Aug 4, 2025, 2:18 AM

Vulnerability Rating

Custom Algorithm
spread
8.4
impact
2.5
exploitability
2.8
remediation
0.0
relevance
0.3
threat
0.0
urgency
2.9
incentive
0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.