SB2025120160 - Multiple vulnerabilities in MediaTek chipsets
Published: December 1, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 30 secuirty vulnerabilities.
1) Use of Uninitialized Variable (CVE-ID: CVE-2025-20766)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to improper input validation within display. A local application can perform service disruption.
2) Insertion of Sensitive Information Into Sent Data (CVE-ID: CVE-2025-20789)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a missing bounds check within GPU pdma. A local application can perform service disruption.
3) Improper Access Control for Register Interface (CVE-ID: CVE-2025-20788)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a missing permission check within GPU pdma. A local application can perform service disruption.
4) Out-of-bounds write (CVE-ID: CVE-2025-20777)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a missing bounds check within display. A local application can perform service disruption.
5) Out-of-bounds read (CVE-ID: CVE-2025-20776)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a missing bounds check within display. A local application can gain access to sensitive information.
6) Double Free (CVE-ID: CVE-2025-20775)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to use after free within display. A local application can perform service disruption.
7) Heap-based Buffer Overflow (CVE-ID: CVE-2025-20774)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a missing bounds check within display. A local application can perform service disruption.
8) Double Free (CVE-ID: CVE-2025-20773)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to use after free within display. A local application can perform service disruption.
9) Double Free (CVE-ID: CVE-2025-20772)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to use after free within display. A local application can perform service disruption.
10) Use of Uninitialized Variable (CVE-ID: CVE-2025-20771)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to improper input validation within display. A local application can perform service disruption.
11) Use After Free (CVE-ID: CVE-2025-20770)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to use after free within display. A local application can perform service disruption.
12) Stack-based buffer overflow (CVE-ID: CVE-2025-20769)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a missing bounds check within display. A local application can perform service disruption.
13) Out-of-bounds read (CVE-ID: CVE-2025-20768)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a missing bounds check within display. A local application can gain access to sensitive information.
14) Out-of-bounds write (CVE-ID: CVE-2025-20767)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to an integer overflow within display. A local application can perform service disruption.
15) Double Free (CVE-ID: CVE-2025-20765)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a race condition within aee daemon. A local application can perform service disruption.
16) Reachable Assertion (CVE-ID: CVE-2025-20792)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within Modem. A local application can execute arbitrary code.
17) Out-of-bounds write (CVE-ID: CVE-2025-20764)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a missing bounds check within smi. A local application can perform service disruption.
18) Out-of-bounds write (CVE-ID: CVE-2025-20763)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a missing bounds check within mmdvfs. A local application can perform service disruption.
19) NULL Pointer Dereference (CVE-ID: CVE-2025-20750)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within Modem. A local application can execute arbitrary code.
20) Out-of-bounds write (CVE-ID: CVE-2025-20751)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within Modem. A local application can execute arbitrary code.
21) Reachable Assertion (CVE-ID: CVE-2025-20791)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to incorrect error handling within Modem. A local application can execute arbitrary code.
22) Reachable Assertion (CVE-ID: CVE-2025-20752)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within Modem. A local application can execute arbitrary code.
23) Improper Validation of Specified Type of Input (CVE-ID: CVE-2025-20756)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a logic error within Modem. A local application can execute arbitrary code.
24) Reachable Assertion (CVE-ID: CVE-2025-20757)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within Modem. A local application can execute arbitrary code.
25) Uncaught Exception (CVE-ID: CVE-2025-20758)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to an uncaught exception within Modem. A local application can execute arbitrary code.
26) Out-of-bounds read (CVE-ID: CVE-2025-20759)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a missing bounds check within Modem. A local application can gain access to sensitive information.
27) NULL Pointer Dereference (CVE-ID: CVE-2025-20790)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within Modem. A local application can execute arbitrary code.
28) NULL Pointer Dereference (CVE-ID: CVE-2025-20755)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within Modem. A local application can execute arbitrary code.
29) Uncaught Exception (CVE-ID: CVE-2025-20754)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to an incorrect bounds check within Modem. A local application can execute arbitrary code.
30) Uncaught Exception (CVE-ID: CVE-2025-20753)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to an uncaught exception within Modem. A local application can execute arbitrary code.
Remediation
Install update from vendor's website.