SB2025070835 - Multiple vulnerabilities in MediaTek chipsets
Published: July 8, 2025 Updated: July 18, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 16 secuirty vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2025-20689)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to an incorrect bounds check within wlan. A local application can gain access to sensitive information.
2) Buffer Underwrite ('Buffer Underflow') (CVE-ID: CVE-2025-20695)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to an uncaught exception within Bluetooth. A local application can perform service disruption.
3) Buffer Underwrite ('Buffer Underflow') (CVE-ID: CVE-2025-20694)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to an uncaught exception within Bluetooth. A local application can perform service disruption.
4) Out-of-bounds read (CVE-ID: CVE-2025-20693)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to an incorrect bounds check within wlan. A local application can gain access to sensitive information.
5) Out-of-bounds read (CVE-ID: CVE-2025-20692)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to an incorrect bounds check within wlan. A local application can gain access to sensitive information.
6) Out-of-bounds read (CVE-ID: CVE-2025-20691)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to an incorrect bounds check within wlan. A local application can gain access to sensitive information.
7) Out-of-bounds read (CVE-ID: CVE-2025-20690)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to an incorrect bounds check within wlan. A local application can gain access to sensitive information.
8) Out-of-bounds read (CVE-ID: CVE-2025-20688)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to an incorrect bounds check within wlan. A local application can gain access to sensitive information.
9) Heap-based Buffer Overflow (CVE-ID: CVE-2025-20680)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to an incorrect bounds check within Bluetooth. A local application can execute arbitrary code.
10) Out-of-bounds read (CVE-ID: CVE-2025-20687)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to an incorrect bounds check within Bluetooth. A local application can perform service disruption.
11) Heap-based Buffer Overflow (CVE-ID: CVE-2025-20686)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to an incorrect bounds check within wlan. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
12) Heap-based Buffer Overflow (CVE-ID: CVE-2025-20685)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to an incorrect bounds check within wlan. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
13) Out-of-bounds write (CVE-ID: CVE-2025-20684)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to an incorrect bounds check within wlan. A local application can execute arbitrary code.
14) Out-of-bounds write (CVE-ID: CVE-2025-20683)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to an incorrect bounds check within wlan. A local application can execute arbitrary code.
15) Out-of-bounds write (CVE-ID: CVE-2025-20682)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to an incorrect bounds check within wlan. A local application can execute arbitrary code.
16) Out-of-bounds write (CVE-ID: CVE-2025-20681)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to an incorrect bounds check within wlan. A local application can execute arbitrary code.
Remediation
Install update from vendor's website.