Total
163 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-20754 | 1 Mediatek | 64 Mt2735, Mt2737, Mt6813 and 61 more | 2025-12-04 | N/A | 5.3 MEDIUM |
| In Modem, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689251; Issue ID: MSV-4840. | |||||
| CVE-2025-20756 | 1 Mediatek | 38 Mt2735, Mt6833, Mt6833p and 35 more | 2025-12-03 | N/A | 5.3 MEDIUM |
| In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673749; Issue ID: MSV-4643. | |||||
| CVE-2025-20758 | 1 Mediatek | 64 Mt2735, Mt2737, Mt6813 and 61 more | 2025-12-03 | N/A | 4.9 MEDIUM |
| In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673755; Issue ID: MSV-4647. | |||||
| CVE-2025-20759 | 1 Mediatek | 46 Mt2735, Mt2737, Mt6833 and 43 more | 2025-12-03 | N/A | 6.5 MEDIUM |
| In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673760; Issue ID: MSV-4650. | |||||
| CVE-2025-20777 | 2 Google, Mediatek | 46 Android, Mt6739, Mt6761 and 43 more | 2025-12-03 | N/A | 6.7 MEDIUM |
| In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184870; Issue ID: MSV-4752. | |||||
| CVE-2025-20776 | 2 Google, Mediatek | 46 Android, Mt6739, Mt6761 and 43 more | 2025-12-03 | N/A | 6.7 MEDIUM |
| In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184297; Issue ID: MSV-4759. | |||||
| CVE-2025-20775 | 2 Google, Mediatek | 46 Android, Mt6739, Mt6761 and 43 more | 2025-12-03 | N/A | 6.7 MEDIUM |
| In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4795. | |||||
| CVE-2025-20727 | 1 Mediatek | 89 Lr12a, Mt2735, Mt2737 and 86 more | 2025-11-05 | N/A | 7.5 HIGH |
| In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672601; Issue ID: MSV-4623. | |||||
| CVE-2025-20725 | 1 Mediatek | 72 Lr12a, Mt2735, Mt2737 and 69 more | 2025-11-05 | N/A | 7.5 HIGH |
| In ims service, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01671924; Issue ID: MSV-4620. | |||||
| CVE-2025-20726 | 1 Mediatek | 89 Lr12a, Mt2735, Mt2737 and 86 more | 2025-11-05 | N/A | 7.5 HIGH |
| In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672598; Issue ID: MSV-4622. | |||||
| CVE-2025-20743 | 2 Google, Mediatek | 54 Android, Mt2718, Mt6761 and 51 more | 2025-11-05 | N/A | 4.2 MEDIUM |
| In clkdbg, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10136671; Issue ID: MSV-4651. | |||||
| CVE-2025-20703 | 1 Mediatek | 62 Mt2735, Mt2737, Mt6813 and 59 more | 2025-09-03 | N/A | 7.5 HIGH |
| In Modem, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01599794; Issue ID: MSV-3708. | |||||
| CVE-2025-20708 | 1 Mediatek | 63 Mt2735, Mt2737, Mt6813 and 60 more | 2025-09-03 | N/A | 8.1 HIGH |
| In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01123853; Issue ID: MSV-4131. | |||||
| CVE-2025-20678 | 1 Mediatek | 94 Lr12a, Lr13, Mt6739 and 91 more | 2025-07-10 | N/A | 7.5 HIGH |
| In ims service, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01394606; Issue ID: MSV-2739. | |||||
| CVE-2024-20132 | 1 Mediatek | 18 Mt2737, Mt6298, Mt6879 and 15 more | 2025-06-25 | N/A | 6.7 MEDIUM |
| In Modem, there is a possible out of bonds write due to a mission bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00957388; Issue ID: MSV-1872. | |||||
| CVE-2024-20013 | 2 Google, Mediatek | 58 Android, Mt6580, Mt6731 and 55 more | 2025-06-20 | N/A | 6.7 MEDIUM |
| In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08471742; Issue ID: ALPS08308608. | |||||
| CVE-2023-32889 | 2 Google, Mediatek | 58 Android, Mt6580, Mt6731 and 55 more | 2025-06-18 | N/A | 7.5 HIGH |
| In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161825; Issue ID: MOLY01161825 (MSV-895). | |||||
| CVE-2023-32882 | 2 Google, Mediatek | 22 Android, Mt6762, Mt6765 and 19 more | 2025-06-18 | N/A | 6.7 MEDIUM |
| In battery, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308616. | |||||
| CVE-2023-32881 | 2 Google, Mediatek | 22 Android, Mt6762, Mt6765 and 19 more | 2025-06-18 | N/A | 4.4 MEDIUM |
| In battery, there is a possible information disclosure due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308080. | |||||
| CVE-2023-32879 | 2 Google, Mediatek | 22 Android, Mt6762, Mt6765 and 19 more | 2025-06-18 | N/A | 6.7 MEDIUM |
| In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308064. | |||||