SB2026011316 - Multiple vulnerabilities in Lenovo MediaTek tablets
Published: January 13, 2026
Description
This security bulletin contains information about 29 vulnerabilities.
1) Stack-based buffer overflow (CVE-ID: CVE-2025-20769)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to cause a service disruption.
The vulnerability exists due to a missing bounds check within display. A local application can cause a service disruption.
2) Reachable Assertion (CVE-ID: CVE-2025-20791)
CWE-ID: CWE-617 - Reachable Assertion
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to incorrect error handling within Modem. A local application can execute arbitrary code.
3) NULL Pointer Dereference (CVE-ID: CVE-2025-20790)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within Modem. A local application can execute arbitrary code.
4) Insertion of Sensitive Information Into Sent Data (CVE-ID: CVE-2025-20789)
CWE-ID: CWE-201 - Insertion of Sensitive Information Into Sent Data
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to cause a service disruption.
The vulnerability exists due to a missing bounds check within GPU pdma. A local application can cause a service disruption.
5) Improper Access Control for Register Interface (CVE-ID: CVE-2025-20788)
CWE-ID: CWE-1262 - Improper Access Control for Register Interface
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to cause a service disruption.
The vulnerability exists due to a missing permission check within GPU pdma. A local application can cause a service disruption.
6) Out-of-bounds write (CVE-ID: CVE-2025-20777)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to cause a service disruption.
The vulnerability exists due to a missing bounds check within display. A local application can cause a service disruption.
7) Out-of-bounds read (CVE-ID: CVE-2025-20776)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a missing bounds check within display. A local application can gain access to sensitive information.
8) Double Free (CVE-ID: CVE-2025-20775)
CWE-ID: CWE-415 - Double Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to cause a service disruption.
The vulnerability exists due to a use after free within display. A local application can cause a service disruption.
9) Heap-based Buffer Overflow (CVE-ID: CVE-2025-20774)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to cause a service disruption.
The vulnerability exists due to a missing bounds check within display. A local application can cause a service disruption.
10) Double Free (CVE-ID: CVE-2025-20773)
CWE-ID: CWE-415 - Double Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to cause a service disruption.
The vulnerability exists due to a use after free within display. A local application can cause a service disruption.
11) Double Free (CVE-ID: CVE-2025-20772)
CWE-ID: CWE-415 - Double Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to cause a service disruption.
The vulnerability exists due to a use after free within display. A local application can cause a service disruption.
12) Use of Uninitialized Variable (CVE-ID: CVE-2025-20771)
CWE-ID: CWE-457 - Use of Uninitialized Variable
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to cause a service disruption.
The vulnerability exists due to improper input validation within display. A local application can cause a service disruption.
13) Use After Free (CVE-ID: CVE-2025-20770)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to cause a service disruption.
The vulnerability exists due to a use after free within display. A local application can cause a service disruption.
14) Out-of-bounds read (CVE-ID: CVE-2025-20768)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a missing bounds check within display. A local application can gain access to sensitive information.
15) NULL Pointer Dereference (CVE-ID: CVE-2025-20750)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within Modem. A local application can execute arbitrary code.
16) Out-of-bounds write (CVE-ID: CVE-2025-20767)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to cause a service disruption.
The vulnerability exists due to an integer overflow within display. A local application can cause a service disruption.
17) Use of Uninitialized Variable (CVE-ID: CVE-2025-20766)
CWE-ID: CWE-457 - Use of Uninitialized Variable
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to cause a service disruption.
The vulnerability exists due to improper input validation within display. A local application can cause a service disruption.
18) Double Free (CVE-ID: CVE-2025-20765)
CWE-ID: CWE-415 - Double Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to cause a service disruption.
The vulnerability exists due to a race condition within aee daemon. A local application can cause a service disruption.
19) Out-of-bounds write (CVE-ID: CVE-2025-20764)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to cause a service disruption.
The vulnerability exists due to a missing bounds check within smi. A local application can cause a service disruption.
20) Out-of-bounds write (CVE-ID: CVE-2025-20763)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to cause a service disruption.
The vulnerability exists due to a missing bounds check within mmdvfs. A local application can cause a service disruption.
21) Out-of-bounds read (CVE-ID: CVE-2025-20759)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a missing bounds check within Modem. A local application can gain access to sensitive information.
22) Uncaught Exception (CVE-ID: CVE-2025-20758)
CWE-ID: CWE-248 - Uncaught Exception
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to an uncaught exception within Modem. A local application can execute arbitrary code.
23) Reachable Assertion (CVE-ID: CVE-2025-20757)
CWE-ID: CWE-617 - Reachable Assertion
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within Modem. A local application can execute arbitrary code.
24) Improper Validation of Specified Type of Input (CVE-ID: CVE-2025-20756)
CWE-ID: CWE-1287 - Improper Validation of Specified Type of Input
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a logic error within Modem. A local application can execute arbitrary code.
25) NULL Pointer Dereference (CVE-ID: CVE-2025-20755)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within Modem. A local application can execute arbitrary code.
26) Uncaught Exception (CVE-ID: CVE-2025-20754)
CWE-ID: CWE-248 - Uncaught Exception
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to an incorrect bounds check within Modem. A local application can execute arbitrary code.
27) Uncaught Exception (CVE-ID: CVE-2025-20753)
CWE-ID: CWE-248 - Uncaught Exception
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to an uncaught exception within Modem. A local application can execute arbitrary code.
28) Reachable Assertion (CVE-ID: CVE-2025-20752)
CWE-ID: CWE-617 - Reachable Assertion
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within Modem. A local application can execute arbitrary code.
29) Out-of-bounds write (CVE-ID: CVE-2025-20751)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within Modem. A local application can execute arbitrary code.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.