SB2026020265 - Multiple vulnerabilities in MediaTek chipsets

Main Vulnerability Database SB2026020265

SB2026020265 - Multiple vulnerabilities in MediaTek chipsets

Published: February 2, 2026

Security Bulletin ID SB2026020265

Severity

Low

Patch available

YES

Number of vulnerabilities 21

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 21 secuirty vulnerabilities.

1) Out-of-bounds write (CVE-ID: CVE-2026-20410)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to a missing bounds check in imgsys subcomponent. A local application can perform service disruption.

2) Improper Check for Unusual or Exceptional Conditions (CVE-ID: CVE-2026-20419)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to an uncaught exception in wlan subcomponent. A local application can perform service disruption.

3) Out-of-bounds write (CVE-ID: CVE-2026-20418)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to a missing bounds check in Thread subcomponent. A local application can perform service disruption.

4) Out-of-bounds write (CVE-ID: CVE-2026-20417)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to a missing bounds check in pcie subcomponent. A local application can perform service disruption.

5) Double Free (CVE-ID: CVE-2026-20415)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to improper locking in imgsys subcomponent. A local application can perform service disruption.

6) Use After Free (CVE-ID: CVE-2026-20414)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to use after free in imgsys subcomponent. A local application can perform service disruption.

7) Improper Validation of Specified Index, Position, or Offset in Input (CVE-ID: CVE-2026-20413)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to a missing bounds check in imgsys subcomponent. A local application can perform service disruption.

8) Out-of-bounds write (CVE-ID: CVE-2026-20412)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to a missing bounds check in cameraisp subcomponent. A local application can perform service disruption.

9) Use After Free (CVE-ID: CVE-2026-20411)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to use after free in cameraisp subcomponent. A local application can perform service disruption.

10) Out-of-bounds write (CVE-ID: CVE-2026-20409)

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to a missing bounds check in imgsys subcomponent. A local application can perform service disruption.

11) Out-of-bounds read (CVE-ID: CVE-2026-20420)

The vulnerability allows a local application to perform a denial of service attack.

The vulnerability exists due to incorrect error handling in modem subcomponent. A local application can perform a denial of service attack.

12) Heap-based Buffer Overflow (CVE-ID: CVE-2026-20408)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a heap buffer overflow in wlan subcomponent. A local application can execute arbitrary code.

13) Out-of-bounds write (CVE-ID: CVE-2026-20407)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing bounds check in wlan subcomponent. A local application can execute arbitrary code.

14) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2026-20406)

The vulnerability allows a local application to perform a denial of service attack.

The vulnerability exists due to an uncaught exception in modem subcomponent. A local application can crash the system.

15) Reachable Assertion (CVE-ID: CVE-2026-20405)

The vulnerability allows a local application to perform a denial of service attack.

The vulnerability exists due to a missing bounds check in modem subcomponent. A local application can crash the system.

16) Out-of-bounds write (CVE-ID: CVE-2026-20404)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in modem subcomponent. A local application can execute arbitrary code.

17) Out-of-bounds write (CVE-ID: CVE-2026-20403)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing bounds check in modem subcomponent. A local application can execute arbitrary code.

18) Reachable Assertion (CVE-ID: CVE-2026-20422)

The vulnerability allows a local application to perform a denial of service attack.

The vulnerability exists due to improper input validation in modem subcomponent. A local application can crash the system.

19) Out-of-bounds read (CVE-ID: CVE-2026-20421)

The vulnerability allows a local application to perform a denial of service attack.

The vulnerability exists due to improper input validation in modem subcomponent. A local application can crash the system.

20) Out-of-bounds write (CVE-ID: CVE-2026-20402)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in modem subcomponent. A local application can execute arbitrary code.

21) Reachable Assertion (CVE-ID: CVE-2026-20401)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to an uncaught exception in modem subcomponent. A local application can execute arbitrary code.

Remediation

Install update from vendor's website.

References

https://corp.mediatek.com/product-security-bulletin/February-2026

Vulnerable Software