- Description
- In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09625423; Issue ID: MSV-3033.
- Source
- security@mediatek.com
- NVD status
- Analyzed
- Products
- yocto, rdk-b, android, openwrt, mt6781, mt6789, mt6835, mt6855, mt6878, mt6879, mt6886, mt6895, mt6897, mt6983, mt6985, mt6989, mt6990, mt8196, mt8370, mt8390
CVSS 3.1
- Type
- Secondary
- Base score
- 6.8
- Impact score
- 5.9
- Exploitability score
- 0.9
- Vector string
- CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
- Hype score
- Not currently trending
Beautiful heap overflow writeup on mediatek download agent. Chimera’s “secret sauce” was heapb8 - usb size mismatch letting you corrupt chunk headers for arbitrary write. works on dimensity 9400/8400, patched as CVE-2025-20656/20658. full chain in penumbra now #MediaTek #i
@Wh1teCoon
1 Feb 2026
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-20656 In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to … https://t.co/D9VxyvenxD
@CVEnew
7 Apr 2025
389 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rdkcentral:rdk-b:2024q1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB397DA1-62B3-48FD-B694-9FDA4DA25EDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8538774C-906D-4B03-A3E7-FA7A55E0DA9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F0133207-2EED-4625-854F-8DB7770D5BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openwrt:openwrt:23.05:*:*:*:*:*:*:*",
"matchCriteriaId": "AED95D06-8EC6-4070-BE3C-E0F851D7FFC1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*",
"matchCriteriaId": "855A8046-34ED-4891-ACE5-76AB10AC8D53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7DE6B2-66D9-4A3E-B15F-D56505559255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:mediatek:mt8196:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB0C4D80-28BC-4C4D-B522-AD9EC5222A2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA2B6BB9-7544-41A7-BF3A-344AA4CC4B31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B774B7D7-B7DD-43A0-833F-7E39DF82CA60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
]