SB2026011318 - Multiple vulnerabilities in Lenovo Mediatek tablets

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2026011318

SB2026011318 - Multiple vulnerabilities in Lenovo Mediatek tablets

Published: January 13, 2026

Security Bulletin ID SB2026011318
Severity
Low
Patch available
NO
Number of vulnerabilities 9
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 9 secuirty vulnerabilities.


1) Improper Authentication (CVE-ID: CVE-2025-20730)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to an insecure default value within preloader. A local application can execute arbitrary code.


2) Use After Free (CVE-ID: CVE-2025-20743)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to use after free within clkdbg. A local application can perform service disruption.


3) Use After Free (CVE-ID: CVE-2025-20745)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to use after free within apusys. A local application can perform service disruption.


4) Stack-based buffer overflow (CVE-ID: CVE-2025-20746)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to an incorrect bounds check within gnss. A local application can perform service disruption.


5) Stack-based buffer overflow (CVE-ID: CVE-2025-20747)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to an incorrect bounds check within gnss. A local application can perform service disruption.


6) Stack-based buffer overflow (CVE-ID: CVE-2025-20749)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to a missing bounds check within charger. A local application can perform service disruption.


7) Out-of-bounds write (CVE-ID: CVE-2025-20727)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a heap buffer overflow within Modem. A local application can execute arbitrary code.


8) Heap-based Buffer Overflow (CVE-ID: CVE-2025-20726)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to an incorrect bounds check within Modem. A local application can execute arbitrary code.


9) Out-of-bounds write (CVE-ID: CVE-2025-20725)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within ims service. A local application can execute arbitrary code.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References