Total
99 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-20801 | 2 Google, Mediatek | 11 Android, Mt6878, Mt6897 and 8 more | 2026-01-12 | N/A | 7.0 HIGH |
|
In seninf, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10251210; Issue ID: MSV-4926.
|
|||||
| CVE-2025-20786 | 2 Google, Mediatek | 46 Android, Mt6739, Mt6761 and 43 more | 2026-01-12 | N/A | 6.7 MEDIUM |
|
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4673.
|
|||||
| CVE-2025-20781 | 2 Google, Mediatek | 46 Android, Mt6739, Mt6761 and 43 more | 2026-01-12 | N/A | 7.8 HIGH |
|
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4699.
|
|||||
| CVE-2025-20775 | 2 Google, Mediatek | 46 Android, Mt6739, Mt6761 and 43 more | 2026-01-12 | N/A | 6.7 MEDIUM |
|
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4795.
|
|||||
| CVE-2025-20773 | 2 Google, Mediatek | 32 Android, Mt2718, Mt6739 and 29 more | 2026-01-12 | N/A | 6.7 MEDIUM |
|
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4797.
|
|||||
| CVE-2025-20772 | 2 Google, Mediatek | 32 Android, Mt2718, Mt6739 and 29 more | 2026-01-12 | N/A | 6.7 MEDIUM |
|
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4795.
|
|||||
| CVE-2025-20778 | 2 Google, Mediatek | 46 Android, Mt6739, Mt6761 and 43 more | 2026-01-08 | N/A | 7.8 HIGH |
|
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184870; Issue ID: MSV-4729.
|
|||||
| CVE-2025-20779 | 2 Google, Mediatek | 46 Android, Mt6739, Mt6761 and 43 more | 2026-01-08 | N/A | 7.0 HIGH |
|
In display, there is a possible use after free due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184084; Issue ID: MSV-4720.
|
|||||
| CVE-2025-20780 | 2 Google, Mediatek | 46 Android, Mt6739, Mt6761 and 43 more | 2026-01-08 | N/A | 7.8 HIGH |
|
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184061; Issue ID: MSV-4712.
|
|||||
| CVE-2025-20782 | 2 Google, Mediatek | 46 Android, Mt6739, Mt6761 and 43 more | 2026-01-08 | N/A | 6.7 MEDIUM |
|
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4685.
|
|||||
| CVE-2025-20783 | 2 Google, Mediatek | 46 Android, Mt6739, Mt6761 and 43 more | 2026-01-08 | N/A | 6.7 MEDIUM |
|
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4684.
|
|||||
| CVE-2025-20784 | 2 Google, Mediatek | 46 Android, Mt6739, Mt6761 and 43 more | 2026-01-08 | N/A | 6.7 MEDIUM |
|
In display, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4683.
|
|||||
| CVE-2025-20785 | 2 Google, Mediatek | 46 Android, Mt6739, Mt6761 and 43 more | 2026-01-08 | N/A | 6.7 MEDIUM |
|
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4677.
|
|||||
| CVE-2025-20787 | 2 Google, Mediatek | 31 Android, Mt2718, Mt6739 and 28 more | 2026-01-08 | N/A | 6.7 MEDIUM |
|
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149879; Issue ID: MSV-4658.
|
|||||
| CVE-2025-20795 | 2 Google, Mediatek | 55 Android, Mt2718, Mt6580 and 52 more | 2026-01-08 | N/A | 7.8 HIGH |
|
In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10276761; Issue ID: MSV-5141.
|
|||||
| CVE-2025-20799 | 2 Google, Mediatek | 5 Android, Mt6899, Mt6991 and 2 more | 2026-01-08 | N/A | 7.8 HIGH |
|
In c2ps, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10274607; Issue ID: MSV-5049.
|
|||||
| CVE-2025-20800 | 2 Google, Mediatek | 7 Android, Mt2718, Mt6899 and 4 more | 2026-01-08 | N/A | 7.8 HIGH |
|
In mminfra, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10267349; Issue ID: MSV-5033.
|
|||||
| CVE-2025-20803 | 2 Google, Mediatek | 4 Android, Mt6899, Mt6991 and 1 more | 2026-01-08 | N/A | 6.7 MEDIUM |
|
In dpe, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10199779; Issue ID: MSV-4504.
|
|||||
| CVE-2025-20804 | 2 Google, Mediatek | 3 Android, Mt6899, Mt6991 | 2026-01-08 | N/A | 6.7 MEDIUM |
|
In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10198951; Issue ID: MSV-4503.
|
|||||
| CVE-2025-20805 | 2 Google, Mediatek | 4 Android, Mt6899, Mt6991 and 1 more | 2026-01-08 | N/A | 6.7 MEDIUM |
|
In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114696; Issue ID: MSV-4480.
|
|||||
| CVE-2025-20806 | 2 Google, Mediatek | 4 Android, Mt6899, Mt6991 and 1 more | 2026-01-08 | N/A | 6.7 MEDIUM |
|
In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114835; Issue ID: MSV-4479.
|
|||||
| CVE-2025-20807 | 2 Google, Mediatek | 4 Android, Mt6899, Mt6991 and 1 more | 2026-01-08 | N/A | 6.7 MEDIUM |
|
In dpe, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114841; Issue ID: MSV-4451.
|
|||||
| CVE-2025-20754 | 1 Mediatek | 64 Mt2735, Mt2737, Mt6813 and 61 more | 2025-12-04 | N/A | 5.3 MEDIUM |
|
In Modem, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689251; Issue ID: MSV-4840.
|
|||||
| CVE-2025-20758 | 1 Mediatek | 64 Mt2735, Mt2737, Mt6813 and 61 more | 2025-12-03 | N/A | 4.9 MEDIUM |
|
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673755; Issue ID: MSV-4647.
|
|||||
| CVE-2025-20763 | 2 Google, Mediatek | 28 Android, Mt6833, Mt6835 and 25 more | 2025-12-03 | N/A | 7.8 HIGH |
|
In mmdvfs, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10267218; Issue ID: MSV-5032.
|
|||||
| CVE-2025-20764 | 2 Google, Mediatek | 34 Android, Mt6739, Mt6761 and 31 more | 2025-12-03 | N/A | 7.8 HIGH |
|
In smi, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10259774; Issue ID: MSV-5029.
|
|||||
| CVE-2025-20766 | 2 Google, Mediatek | 32 Android, Mt2718, Mt6739 and 29 more | 2025-12-03 | N/A | 7.8 HIGH |
|
In display, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4820.
|
|||||
| CVE-2025-20767 | 2 Google, Mediatek | 32 Android, Mt2718, Mt6739 and 29 more | 2025-12-03 | N/A | 7.8 HIGH |
|
In display, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4807.
|
|||||
| CVE-2025-20768 | 2 Google, Mediatek | 26 Android, Mt6739, Mt6761 and 23 more | 2025-12-03 | N/A | 7.8 HIGH |
|
In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4805.
|
|||||
| CVE-2025-20769 | 2 Google, Mediatek | 32 Android, Mt2718, Mt6739 and 29 more | 2025-12-03 | N/A | 6.7 MEDIUM |
|
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4804.
|
|||||
| CVE-2025-20770 | 2 Google, Mediatek | 32 Android, Mt2718, Mt6739 and 29 more | 2025-12-03 | N/A | 6.7 MEDIUM |
|
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4803.
|
|||||
| CVE-2025-20777 | 2 Google, Mediatek | 46 Android, Mt6739, Mt6761 and 43 more | 2025-12-03 | N/A | 6.7 MEDIUM |
|
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184870; Issue ID: MSV-4752.
|
|||||
| CVE-2025-20776 | 2 Google, Mediatek | 46 Android, Mt6739, Mt6761 and 43 more | 2025-12-03 | N/A | 6.7 MEDIUM |
|
In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184297; Issue ID: MSV-4759.
|
|||||
| CVE-2025-20774 | 2 Google, Mediatek | 32 Android, Mt2718, Mt6739 and 29 more | 2025-12-03 | N/A | 6.7 MEDIUM |
|
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4796.
|
|||||
| CVE-2025-20771 | 2 Google, Mediatek | 32 Android, Mt2718, Mt6739 and 29 more | 2025-12-03 | N/A | 6.7 MEDIUM |
|
In display, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4802.
|
|||||
| CVE-2025-20726 | 1 Mediatek | 89 Lr12a, Mt2735, Mt2737 and 86 more | 2025-11-05 | N/A | 7.5 HIGH |
|
In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672598; Issue ID: MSV-4622.
|
|||||
| CVE-2025-20730 | 5 Google, Linuxfoundation, Mediatek and 2 more | 36 Android, Yocto, Mt2737 and 33 more | 2025-11-05 | N/A | 6.7 MEDIUM |
|
In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10068463; Issue ID: MSV-4141.
|
|||||
| CVE-2025-20743 | 2 Google, Mediatek | 54 Android, Mt2718, Mt6761 and 51 more | 2025-11-05 | N/A | 4.2 MEDIUM |
|
In clkdbg, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10136671; Issue ID: MSV-4651.
|
|||||
| CVE-2025-20744 | 2 Google, Mediatek | 4 Android, Mt6899, Mt6991 and 1 more | 2025-11-05 | N/A | 4.2 MEDIUM |
|
In pda, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10127160; Issue ID: MSV-4542.
|
|||||
| CVE-2025-20746 | 6 Google, Linuxfoundation, Mediatek and 3 more | 23 Android, Yocto, Mt2718 and 20 more | 2025-11-05 | N/A | 6.7 MEDIUM |
|
In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10010441; Issue ID: MSV-3967.
|
|||||