Primary

Context

MediaTek Chipsets Privilege Escalation Vulnerability in the imgsys Component

Vulnerability

A use-after-free vulnerability has been identified in the imgsys component of certain MediaTek chipsets, leading to a possible local privilege escalation. This issue arises from improper memory management, allowing a malicious actor with System privileges to exploit the vulnerability. The flaw does not require user interaction for exploitation.

Impact

Exploitation of this vulnerability could result in unauthorized privilege escalation, allowing a user to gain elevated rights or access within the system.

Remediation

Device OEMs have been notified of this vulnerability and the corresponding security patches are available. For further information, OEMs can contact their MediaTek representative.

Added: Feb 2, 2026, 9:26 AM

Updated: Feb 2, 2026, 2:24 PM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

2.2

remediation

7.7

relevance

2.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

2.2

remediation

7.7

relevance

2.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MediaTek Chipsets Privilege Escalation Vulnerability in the imgsys Component

Vulnerability

Impact

Remediation

Affected Products

MediaTek MT6897

MediaTek MT6989

MediaTek MT8196

MediaTek MT8796

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating