Volerion logoVolerion
Volerion logoVolerion

MediaTek GNSS Driver Out-of-Bounds Write Vulnerability Allowing Privilege Escalation

Vulnerability

A vulnerability in the GNSS driver of certain MediaTek chipsets allows for a local out-of-bounds write due to an improper bounds check. This flaw could lead to unauthorized privilege escalation, particularly for an actor who has already gained system-level privileges. The vulnerability does not require user interaction to exploit.

Impact

Exploitation of this vulnerability could result in unauthorized privilege escalation, allowing a user with system privileges to gain elevated rights or access.

Remediation

A patch for this vulnerability is available as part of the MediaTek ALPS09920033 update. Device OEMs can refer to their MediaTek contact for further information.

Added: Oct 14, 2025, 10:24 AM
Updated: Oct 14, 2025, 2:20 PM

Vulnerability Rating

Custom Algorithm
spread
7.8
impact
7.5
exploitability
2.8
remediation
0.0
relevance
0.7
threat
0.0
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.