Primary

Context

MediaTek WLAN Driver TOCTOU Race Condition Vulnerability Allowing Local Information Disclosure

Vulnerability

A race condition in the WLAN STA driver can lead to a possible out-of-bounds read. This vulnerability, caused by a time-of-check time-of-use (TOCTOU) race condition, could result in local information disclosure. Exploitation does not require user interaction, but it does require user execution privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information.

Added: Nov 4, 2025, 7:30 AM

Updated: Nov 4, 2025, 7:30 AM

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

0.6

exploitability

2.9

remediation

0.0

relevance

0.9

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

0.6

exploitability

2.9

remediation

0.0

relevance

0.9

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MediaTek WLAN Driver TOCTOU Race Condition Vulnerability Allowing Local Information Disclosure

Vulnerability

Impact

Affected Products

MediaTek MT7902

MediaTek MT7920

MediaTek MT7921

MediaTek MT7922

MediaTek MT7925

MediaTek MT7927

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating