CVE-2026-20433

Description

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01088681; Issue ID: MSV-4460.

CVSS breakdown

Affected products

• MediaTek, Inc. / MediaTek chipsetMT2735 – MT2735
• MediaTek, Inc. / MediaTek chipsetMT2737 – MT2737
• MediaTek, Inc. / MediaTek chipsetMT6813 – MT6813
• MediaTek, Inc. / MediaTek chipsetMT6833 – MT6833
• MediaTek, Inc. / MediaTek chipsetMT6833P – MT6833P
• MediaTek, Inc. / MediaTek chipsetMT6835 – MT6835
• MediaTek, Inc. / MediaTek chipsetMT6835T – MT6835T
• MediaTek, Inc. / MediaTek chipsetMT6853 – MT6853
• MediaTek, Inc. / MediaTek chipsetMT6853T – MT6853T
• MediaTek, Inc. / MediaTek chipsetMT6855 – MT6855
• MediaTek, Inc. / MediaTek chipsetMT6855T – MT6855T
• MediaTek, Inc. / MediaTek chipsetMT6873 – MT6873
• MediaTek, Inc. / MediaTek chipsetMT6875 – MT6875
• MediaTek, Inc. / MediaTek chipsetMT6875T – MT6875T
• MediaTek, Inc. / MediaTek chipsetMT6877 – MT6877
• MediaTek, Inc. / MediaTek chipsetMT6877T – MT6877T
• MediaTek, Inc. / MediaTek chipsetMT6877TT – MT6877TT
• MediaTek, Inc. / MediaTek chipsetMT6878 – MT6878
• MediaTek, Inc. / MediaTek chipsetMT6878M – MT6878M
• MediaTek, Inc. / MediaTek chipsetMT6879 – MT6879
• MediaTek, Inc. / MediaTek chipsetMT6880 – MT6880
• MediaTek, Inc. / MediaTek chipsetMT6883 – MT6883
• MediaTek, Inc. / MediaTek chipsetMT6885 – MT6885
• MediaTek, Inc. / MediaTek chipsetMT6886 – MT6886
• MediaTek, Inc. / MediaTek chipsetMT6889 – MT6889
• MediaTek, Inc. / MediaTek chipsetMT6890 – MT6890
• MediaTek, Inc. / MediaTek chipsetMT6891 – MT6891
• MediaTek, Inc. / MediaTek chipsetMT6893 – MT6893
• MediaTek, Inc. / MediaTek chipsetMT6895 – MT6895
• MediaTek, Inc. / MediaTek chipsetMT6895TT – MT6895TT
• MediaTek, Inc. / MediaTek chipsetMT6896 – MT6896
• MediaTek, Inc. / MediaTek chipsetMT6897 – MT6897
• MediaTek, Inc. / MediaTek chipsetMT6899 – MT6899
• MediaTek, Inc. / MediaTek chipsetMT6980 – MT6980
• MediaTek, Inc. / MediaTek chipsetMT6980D – MT6980D
• MediaTek, Inc. / MediaTek chipsetMT6983 – MT6983
• MediaTek, Inc. / MediaTek chipsetMT6983T – MT6983T
• MediaTek, Inc. / MediaTek chipsetMT6985 – MT6985
• MediaTek, Inc. / MediaTek chipsetMT6985T – MT6985T
• MediaTek, Inc. / MediaTek chipsetMT6989 – MT6989
• MediaTek, Inc. / MediaTek chipsetMT6989T – MT6989T
• MediaTek, Inc. / MediaTek chipsetMT6990 – MT6990
• MediaTek, Inc. / MediaTek chipsetMT6991 – MT6991
• MediaTek, Inc. / MediaTek chipsetMT8668 – MT8668
• MediaTek, Inc. / MediaTek chipsetMT8673 – MT8673
• MediaTek, Inc. / MediaTek chipsetMT8675 – MT8675
• MediaTek, Inc. / MediaTek chipsetMT8676 – MT8676
• MediaTek, Inc. / MediaTek chipsetMT8678 – MT8678
• MediaTek, Inc. / MediaTek chipsetMT8755 – MT8755
• MediaTek, Inc. / MediaTek chipsetMT8771 – MT8771
• MediaTek, Inc. / MediaTek chipsetMT8775 – MT8775
• MediaTek, Inc. / MediaTek chipsetMT8791 – MT8791
• MediaTek, Inc. / MediaTek chipsetMT8791T – MT8791T
• MediaTek, Inc. / MediaTek chipsetMT8792 – MT8792
• MediaTek, Inc. / MediaTek chipsetMT8793 – MT8793
• MediaTek, Inc. / MediaTek chipsetMT8795T – MT8795T
• MediaTek, Inc. / MediaTek chipsetMT8797 – MT8797
• MediaTek, Inc. / MediaTek chipsetMT8798 – MT8798
• MediaTek, Inc. / MediaTek chipsetMT8863 – MT8863
• MediaTek, Inc. / MediaTek chipsetMT8873 – MT8873
• MediaTek, Inc. / MediaTek chipsetMT8883 – MT8883
• MediaTek, Inc. / MediaTek chipsetMT8893 – MT8893

References

• MISChttps://corp.mediatek.com/product-security-bulletin/April-2026