MediaTek Mt6989
By the Year
In 2026 there have been 44 vulnerabilities in MediaTek Mt6989, with an average score of 6.7 out of ten. Last year, in 2025, Mt6989 had 45 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Mt6989 in 2026 could surpass last year's number. The average CVE base score of the vulnerabilities in 2026 is also greater, by 0.12.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 44 | 6.73 |
| 2025 | 45 | 6.60 |
| 2024 | 1 | 9.80 |
It may take a day or so for new Mt6989 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent MediaTek Mt6989 Security Vulnerabilities
MediaTek MDDP race condition may crash system (local DoS)
CVE-2026-20445
4.4 - Medium
- March 02, 2026
In MDDP, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10289875; Issue ID: MSV-5184.
TOCTTOU
Out of Bounds Read in MediaTek Display Driver Enables Local Info Disclosure
CVE-2026-20429
4.4 - Medium
- March 02, 2026
In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5535.
Out-of-bounds Read
Mediatek Display Driver LPE via Bounds Check Overflow
CVE-2026-20444
6.7 - Medium
- March 02, 2026
In display, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436995; Issue ID: MSV-5721.
Memory Corruption
MediaTek Display Driver Use-After-Free Enables Local Priv Escalation
CVE-2026-20443
6.7 - Medium
- March 02, 2026
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436998; Issue ID: MSV-5722.
Dangling pointer
MediaTek Display Driver UAF: Local DoS via Use-After-Free
CVE-2026-20442
4.4 - Medium
- March 02, 2026
In display, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436998; Issue ID: MSV-5723.
Dangling pointer
MediaTek Preloader Local Info Disclosure via UID Exposure
CVE-2026-20435
4.6 - Medium
- March 02, 2026
In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS10607099; Issue ID: MSV-6118.
Insufficiently Protected Credentials
Out-of-bounds write in MediaTek Modem firmware leads to privilege escalation
CVE-2026-20434
7.5 - High
- March 02, 2026
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY00782946; Issue ID: MSV-4135.
Memory Corruption
MediaTek Display Driver OOB Write Local Privilege Escalation
CVE-2026-20428
6.7 - Medium
- March 02, 2026
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5536.
Memory Corruption
MediaTek Display Driver Priv Escalation via Bounds Check
CVE-2026-20427
6.7 - Medium
- March 02, 2026
In display, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5537.
Memory Corruption
MediaTek Display Driver OOB Write Enables Local PrivEsc
CVE-2026-20426
6.7 - Medium
- March 02, 2026
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5538.
Memory Corruption
MediaTek Display Driver OOB Write Escalation
CVE-2026-20425
6.7 - Medium
- March 02, 2026
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5539.
Memory Corruption
Uncaught Exception in WLAN AP/STA Firmware Enables Remote DoS
CVE-2026-20419
6.5 - Medium
- February 02, 2026
In wlan AP/STA firmware, there is a possible system becoming irresponsive due to an uncaught exception. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461663 / WCNCR00463309; Issue ID: MSV-4852.
Improper Check for Unusual or Exceptional Conditions
Microsoft imgsys Local DS via Improper Locking
CVE-2026-20415
5.5 - Medium
- February 02, 2026
In imgsys, there is a possible memory corruption due to improper locking. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10363254; Issue ID: MSV-5617.
Double-free
Local PrivEsc via UAF in imgsys (CVE-2026-20414)
CVE-2026-20414
6.7 - Medium
- February 02, 2026
In imgsys, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362999; Issue ID: MSV-5625.
Dangling pointer
Local Escalation via OOB Write in cameraisp (Windows)
CVE-2026-20412
7.8 - High
- February 02, 2026
In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5733.
Memory Corruption
MediaTek cameraisp Use-After-Free Priv Escalation (CVE-2026-20411)
CVE-2026-20411
7.8 - High
- February 02, 2026
In cameraisp, there is a possible escalation of privilege due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5737.
Dangling pointer
MediaTek Imgsys OOB Write Priv Esc
CVE-2026-20410
6.7 - Medium
- February 02, 2026
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362552; Issue ID: MSV-5760.
Memory Corruption
MediaTek imgsys OOB Write in imgsys Leads to Local Priv Escalation
CVE-2026-20409
7.8 - High
- February 02, 2026
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10363246; Issue ID: MSV-5779.
Memory Corruption
Mediatek Modem Uncaught Exception Allows Remote DoS (CVE-2026-20406)
CVE-2026-20406
6.5 - Medium
- February 02, 2026
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01726634; Issue ID: MSV-5728.
Allocation of Resources Without Limits or Throttling
MediaTek Modem Remote DoS via Missing Bounds Check
CVE-2026-20405
6.5 - Medium
- February 02, 2026
In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01688495; Issue ID: MSV-4818.
assertion failure
MediaTek Modem Remote DoS via Improper Input Validation
CVE-2026-20404
6.5 - Medium
- February 02, 2026
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689248; Issue ID: MSV-4837.
Memory Corruption
MediaTek Modem BoC Remote DoS (CVE-2026-20403)
CVE-2026-20403
6.5 - Medium
- February 02, 2026
In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689254 (Note: For N15 and NR16) / MOLY01689259 (Note: For NR17 and NR17R); Issue ID: MSV-4843.
Memory Corruption
MediaTek Modem Input Validation Flaw Causing RDoS (CVE-2026-20422)
CVE-2026-20422
6.5 - Medium
- February 02, 2026
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00827332; Issue ID: MSV-5919.
assertion failure
MediaTek Modem Firmware DoS via Error Handling Crash
CVE-2026-20420
6.5 - Medium
- February 02, 2026
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738313; Issue ID: MSV-5935.
Out-of-bounds Read
MediaTek Display Driver UAF leads to local privilege escalation
CVE-2025-20787
6.7 - Medium
- January 06, 2026
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149879; Issue ID: MSV-4658.
Dangling pointer
Use-After-Free in MediaTek Display Driver Enables Local Priv Escalation
CVE-2025-20786
6.7 - Medium
- January 06, 2026
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4673.
Dangling pointer
MediaTek Display Driver Use-After-Free Enables Local Priv Esc
CVE-2025-20785
6.7 - Medium
- January 06, 2026
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4677.
Dangling pointer
MediaTek Display Driver Memory Corruption Priv Escalation
CVE-2025-20784
6.7 - Medium
- January 06, 2026
In display, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4683.
Use of Uninitialized Variable
MediaTek Display Driver OOB Write PrivEsc
CVE-2025-20783
6.7 - Medium
- January 06, 2026
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4684.
Memory Corruption
MediaTek Display Driver OOB Write Unchecked Bounds (Local PrivEsc)
CVE-2025-20782
6.7 - Medium
- January 06, 2026
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4685.
Memory Corruption
MediaTek Display Driver UAF Memory Corruption Enables Priv Escalation
CVE-2025-20781
7.8 - High
- January 06, 2026
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4699.
Dangling pointer
MediaTek Display Driver UAF causes privilege escalation
CVE-2025-20780
7.8 - High
- January 06, 2026
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184061; Issue ID: MSV-4712.
Dangling pointer
Use-after-free in MediaTek Display Driver Enables Local Priv Esc
CVE-2025-20779
7 - High
- January 06, 2026
In display, there is a possible use after free due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184084; Issue ID: MSV-4720.
Dangling pointer
MediaTek Display Driver OOB Write Priv Esc Vulnerability
CVE-2025-20778
7.8 - High
- January 06, 2026
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184870; Issue ID: MSV-4729.
Memory Corruption
Memory Corruption in MediaTek seninf Allows Local Priv Escalation
CVE-2025-20801
7 - High
- January 06, 2026
In seninf, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10251210; Issue ID: MSV-4926.
Race Condition
MediaTek mminfra OOB Write Local Priv Escalation
CVE-2025-20800
7.8 - High
- January 06, 2026
In mminfra, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10267349; Issue ID: MSV-5033.
Memory Corruption
MediaTek Battery OOB Write Escalation
CVE-2025-20798
7.8 - High
- January 06, 2026
In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10315812; Issue ID: MSV-5533.
Memory Corruption
MediaTek Battery Driver OOB Write Escalation (CVE-2025-20797)
CVE-2025-20797
7.8 - High
- January 06, 2026
In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10315812; Issue ID: MSV-5534.
Stack Overflow
MediaTek imgSys OOB Write PrivEsc
CVE-2025-20796
7.8 - High
- January 06, 2026
In imgsys, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10314745; Issue ID: MSV-5553.
Improper Validation of Specified Index, Position, or Offset in Input
MediaTek Modem: Uninitialized Heap Data Read -> Remote DoS (CVE-2025-20760)
CVE-2025-20760
6.5 - Medium
- January 06, 2026
In Modem, there is a possible read of uninitialized heap data due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01676750; Issue ID: MSV-4653.
assertion failure
MediaTek Modem Remote DoS via Rogue Base Station Error Handling
CVE-2025-20761
6.5 - Medium
- January 06, 2026
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01311265; Issue ID: MSV-4655.
Improper Check for Unusual or Exceptional Conditions
MediaTek Modem R-DoS via Crash
CVE-2025-20793
6.5 - Medium
- January 06, 2026
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01430930; Issue ID: MSV-4836.
NULL Pointer Dereference
MediaTek Modem RDoS via Improper Input Validation
CVE-2025-20794
6.5 - Medium
- January 06, 2026
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689259 / MOLY01586470; Issue ID: MSV-4847.
Stack Overflow
MediaTek KeyInstall OOB Write Vulnerability (CVE-2025-20795)
CVE-2025-20795
7.8 - High
- January 06, 2026
In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10276761; Issue ID: MSV-5141.
Memory Corruption
Local Priv Escalation: OOB Write in Win Display Engine
CVE-2025-20777
6.7 - Medium
- December 02, 2025
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184870; Issue ID: MSV-4752.
Memory Corruption
Windows Display Driver OOB Read leads to local privilege escalation
CVE-2025-20776
6.7 - Medium
- December 02, 2025
In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184297; Issue ID: MSV-4759.
Out-of-bounds Read
MSV-4795: UAF in Windows Display leads to Local Priv Escalation
CVE-2025-20775
6.7 - Medium
- December 02, 2025
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4795.
Dangling pointer
MS Windows Display Driver OOB Write PrivEsc
CVE-2025-20774
6.7 - Medium
- December 02, 2025
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4796.
Heap-based Buffer Overflow
ALPS display driver UAF CVE-2025-20773 - local privilege escalation
CVE-2025-20773
6.7 - Medium
- December 02, 2025
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4797.
Dangling pointer
Microsoft Windows Display Driver Memory Corruption Use-After-Free
CVE-2025-20772
6.7 - Medium
- December 02, 2025
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4795.
Dangling pointer