Primary

Context

MediaTek Chipsets Privilege Escalation Vulnerability in PCIe Component

Vulnerability

A vulnerability allowing local privilege escalation has been identified in the PCIe component of certain MediaTek chipsets. This issue arises from a possible out-of-bounds write caused by a missing bounds check, which could be exploited by an actor who has already gained system privileges. The vulnerability does not require user interaction for exploitation.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing a user with system privileges to gain elevated rights or access.

Remediation

MediaTek has issued patches for this vulnerability, which can be applied by device OEMs. Instructions for accessing these patches are available through MediaTek's official channels.

Added: Feb 2, 2026, 9:24 AM

Updated: Feb 2, 2026, 9:24 AM

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

7.5

exploitability

1.8

remediation

0.0

relevance

2.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

7.5

exploitability

1.8

remediation

0.0

relevance

2.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MediaTek Chipsets Privilege Escalation Vulnerability in PCIe Component

Vulnerability

Impact

Remediation

Affected Products

MediaTek MT6991

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating