SB2026050486 - Multiple vulnerabilities in MediaTek chipsets (May 2026)

Description

This security bulletin contains information about 5 vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2026-20447)

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to out-of-bounds read in geniezone when handling crafted local input. A local user can trigger the vulnerable condition to escalate privileges.

2) Improper Handling of Insufficient Permissions or Privileges (CVE-ID: CVE-2026-20448)

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper handling of insufficient permissions or privileges in geniezone when performing privileged operations. A local user can invoke the vulnerable functionality to escalate privileges.

3) Heap-based buffer overflow (CVE-ID: CVE-2026-20449)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to heap-based buffer overflow in modem when processing crafted local input. A local user can trigger the vulnerable condition to cause a denial of service.

4) Reachable assertion (CVE-ID: CVE-2026-20450)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to reachable assertion in modem when handling error conditions. A local user can trigger the vulnerable condition to cause a denial of service.

5) Type Confusion (CVE-ID: CVE-2026-20451)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to type confusion in slbc when processing crafted local input. A local user can trigger an out-of-bounds write to cause a denial of service.

Remediation

Install update from vendor's website.

References