Primary

Context

MediaTek Chipsets Out-of-Bounds Write Vulnerability in imgsys Component Allowing Privilege Escalation

Vulnerability

A vulnerability has been identified in the imgsys component of certain MediaTek chipsets, including the MT6897, MT6989, MT8370, MT8390, and MT8395. This vulnerability arises from a missing bounds check, leading to a possible out-of-bounds write. If exploited, it could allow a malicious actor with System privileges to escalate privileges further.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation.

Remediation

Device OEMs have been notified of this vulnerability and the corresponding security patches are available. For further information, OEMs can contact their MediaTek representative.

Added: Feb 2, 2026, 10:53 AM

Updated: Feb 2, 2026, 2:35 PM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

7.5

exploitability

2.2

remediation

7.7

relevance

2.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

7.5

exploitability

2.2

remediation

7.7

relevance

2.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MediaTek Chipsets Out-of-Bounds Write Vulnerability in imgsys Component Allowing Privilege Escalation

Vulnerability

Impact

Remediation

Affected Products

MediaTek MT6897

MediaTek MT8370

MediaTek MT8390

MediaTek MT8395

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating