MediaTek Modem Heap Overflow Enables Remote DoS
CVE-2026-20449 Published on May 4, 2026
In Modem, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01760138; Issue ID: MSV-6148.
Vulnerability Analysis
Weakness Type
What is a Classic Buffer Overflow Vulnerability?
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold, or when a program attempts to put data in a memory area outside of the boundaries of a buffer. The simplest type of error, and the most common cause of buffer overflows, is the "classic" case in which the program copies the buffer without restricting how much is copied. Other variants exist, but the existence of a classic overflow strongly suggests that the programmer is not considering even the most basic of security protections.
CVE-2026-20449 has been classified to as a Classic Buffer Overflow vulnerability or weakness.
Affected Versions
MediaTek, Inc. MediaTek chipset:- Version MT2735 is affected.
- Version MT2737 is affected.
- Version MT6739 is affected.
- Version MT6761 is affected.
- Version MT6762 is affected.
- Version MT6763 is affected.
- Version MT6765 is affected.
- Version MT6767 is affected.
- Version MT6768 is affected.
- Version MT6769 is affected.
- Version MT6771 is affected.
- Version MT6779 is affected.
- Version MT6781 is affected.
- Version MT6783 is affected.
- Version MT6785 is affected.
- Version MT6789 is affected.
- Version MT6813 is affected.
- Version MT6815 is affected.
- Version MT6833 is affected.
- Version MT6835 is affected.
- Version MT6853 is affected.
- Version MT6855 is affected.
- Version MT6858 is affected.
- Version MT6873 is affected.
- Version MT6875 is affected.
- Version MT6877 is affected.
- Version MT6878 is affected.
- Version MT6879 is affected.
- Version MT6880 is affected.
- Version MT6883 is affected.
- Version MT6885 is affected.
- Version MT6886 is affected.
- Version MT6889 is affected.
- Version MT6890 is affected.
- Version MT6891 is affected.
- Version MT6893 is affected.
- Version MT6895 is affected.
- Version MT6896 is affected.
- Version MT6897 is affected.
- Version MT6899 is affected.
- Version MT6980 is affected.
- Version MT6983 is affected.
- Version MT6985 is affected.
- Version MT6986D is affected.
- Version MT6988 is affected.
- Version MT6989 is affected.
- Version MT6990 is affected.
- Version MT6991 is affected.
- Version MT6993 is affected.
- Version MT8668 is affected.
- Version MT8673 is affected.
- Version MT8675 is affected.
- Version MT8676 is affected.
- Version MT8678 is affected.
- Version MT8755 is affected.
- Version MT8771 is affected.
- Version MT8775 is affected.
- Version MT8791 is affected.
- Version MT8791T is affected.
- Version MT8792 is affected.
- Version MT8793 is affected.
- Version MT8795T is affected.
- Version MT8797 is affected.
- Version MT8798 is affected.
- Version MT8863 is affected.
- Version MT8873 is affected.
- Version MT8883 is affected.
- Version MT8893 is affected.