CVE-2026-20455

Vulnerability

An out-of-bounds write vulnerability exists in the geniezone component of certain MediaTek chipsets due to a missing bounds check [1]. Affected chipsets include MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6835, MT6853, and others [1]. The vulnerability is classified as CWE-787 (Out-of-bounds Write) and has a High severity rating [1].

Exploitation

Exploitation requires that the attacker already possesses System privileges on the device [1]. No user interaction is needed [1]. The attacker can trigger the out-of-bounds write by sending a crafted input to the geniezone component, leading to memory corruption.

Impact

Successful exploitation allows an attacker with System privileges to escalate their privileges further, potentially gaining full control over the affected device [1]. The out-of-bounds write can corrupt memory, leading to arbitrary code execution at the highest privilege level.

Mitigation

MediaTek has released a patch (ALPS10873936) for this issue [1]. The patch is included in the June 2026 Product Security Bulletin and has been provided to device OEMs at least two months prior to publication [1]. Users should apply the latest firmware updates from their device manufacturer. No workarounds are mentioned.