Primary

Context

MediaTek Chipsets Out-of-Bounds Write Vulnerability in imgsys Component

Vulnerability

A vulnerability allowing out-of-bounds write has been identified in the imgsys component of certain MediaTek chipsets. This issue arises from improper input validation, which could lead to local privilege escalation for an actor with system privileges. Exploitation of this vulnerability requires user interaction.

Impact

Exploitation of this vulnerability could result in a local escalation of privileges, allowing a user with system rights to gain additional, unauthorized privileges.

Remediation

Device OEMs have been notified of this vulnerability and the corresponding security patches are available. For further information, OEMs can contact their MediaTek representative.

Added: Jan 6, 2026, 2:29 AM

Updated: Jan 6, 2026, 2:29 AM

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

7.5

exploitability

2.5

remediation

3.7

relevance

1.8

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

7.5

exploitability

2.5

remediation

3.7

relevance

1.8

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MediaTek Chipsets Out-of-Bounds Write Vulnerability in imgsys Component

Vulnerability

Impact

Remediation

Affected Products

MediaTek MT6989

MediaTek MT8796

MediaTek MT8893

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating