Primary

Context

MediaTek Chipsets Privilege Escalation Vulnerability Due to Use-After-Free Memory Corruption

Vulnerability

A use-after-free vulnerability has been identified in the Digital Post-Processing Engine (DPE) of certain MediaTek chipsets. This vulnerability can lead to memory corruption, potentially allowing a malicious actor with System privileges to escalate privileges further. The issue arises from improper memory management, where memory is freed but still accessible, creating a risk of exploitation. Notably, user interaction is not required for this vulnerability to be exploited.

Impact

Exploitation of this vulnerability could result in unauthorized privilege escalation, allowing a user with System privileges to gain elevated rights or access.

Remediation

Device OEMs have been notified of this vulnerability and the corresponding security patches are available. For further information, OEMs can contact their MediaTek representative.

Added: Jan 6, 2026, 2:21 AM

Updated: Jan 6, 2026, 2:21 AM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

7.5

exploitability

2.8

remediation

0.0

relevance

1.9

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

7.5

exploitability

2.8

remediation

0.0

relevance

1.9

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MediaTek Chipsets Privilege Escalation Vulnerability Due to Use-After-Free Memory Corruption

Vulnerability

Impact

Remediation

Affected Products

MediaTek MT6899

MediaTek MT6991

MediaTek MT8793

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating