MAE OOB Write Race Local Escalation (MediaTek)
CVE-2026-20438 Published on March 2, 2026
In MAE, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431920; Issue ID: MSV-5835.
Vulnerability Analysis
CVE-2026-20438 is exploitable with local system access, and requires user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is a TOCTTOU Vulnerability?
The software checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state. This weakness can be security-relevant when an attacker can influence the state of the resource between check and use. This can happen with shared resources such as files, memory, or even variables in multithreaded programs.
CVE-2026-20438 has been classified to as a TOCTTOU vulnerability or weakness.
Affected Versions
MediaTek, Inc. MediaTek chipset:- Version MT2718 is affected.
- Version MT6899 is affected.
- Version MT6991 is affected.
- Version MT8168 is affected.
- Version MT8169 is affected.
- Version MT8186 is affected.
- Version MT8188 is affected.
- Version MT8678 is affected.
- Version MT8695 is affected.
- Version MT8696 is affected.
- Version MT8793 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.