Primary

Context

MediaTek Chipsets Out-of-Bounds Write Vulnerability in PCIe Component Allowing Privilege Escalation

Vulnerability

A vulnerability has been identified in the PCIe component of certain MediaTek chipsets, allowing for a possible out-of-bounds write due to a missing bounds check. This vulnerability could lead to local escalation of privileges, particularly for an actor who has already obtained system privileges. Exploitation does not require user interaction.

Impact

Exploitation of this vulnerability could result in unauthorized access to elevated privileges, potentially allowing a user to perform actions or access resources that are normally restricted.

Remediation

MediaTek has issued patches for this vulnerability, which can be applied by device manufacturers. Instructions for applying the patch can be obtained through the MediaTek contact person for device OEMs.

Added: Mar 2, 2026, 9:38 AM

Updated: Mar 2, 2026, 2:37 PM

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

2.5

exploitability

2.8

remediation

0.0

relevance

3.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

2.5

exploitability

2.8

remediation

0.0

relevance

3.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MediaTek Chipsets Out-of-Bounds Write Vulnerability in PCIe Component Allowing Privilege Escalation

Vulnerability

Impact

Remediation

Affected Products

MediaTek MT6991

MediaTek MT6993

MediaTek MT8188

MediaTek MT8678

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating