In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915681; Issue ID: MSV-3795.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Mediatek
  • Mt2718
  • Mt6761
  • Mt6765
  • Mt6768
  • Mt6853
  • Mt6855
  • Mt6877
  • Mt6878
  • Mt6879
  • Mt6883
  • Mt6885
  • Mt6889
  • Mt6893
  • Mt6897
  • Mt6989
  • Mt6991
  • Mt8186
  • Mt8196
  • Mt8391
  • Mt8678
  • Mt8775
  • Mt8786
  • Mt8788e
  • Mt8792
  • Mt8796
  • Mt8873
  • Mt8883
  • Mt8893
  • Power Hal

No data.

No data.

References
Link Providers
https://corp.mediatek.com/product-security-bulletin/August-2025 cve-icon cve-icon
History

Tue, 12 Aug 2025 08:00:00 +0000

Type Values Removed Values Added
First Time appeared Mediatek
Mediatek mt2718
Mediatek mt6761
Mediatek mt6765
Mediatek mt6768
Mediatek mt6853
Mediatek mt6855
Mediatek mt6877
Mediatek mt6878
Mediatek mt6879
Mediatek mt6883
Mediatek mt6885
Mediatek mt6889
Mediatek mt6893
Mediatek mt6897
Mediatek mt6989
Mediatek mt6991
Mediatek mt8186
Mediatek mt8196
Mediatek mt8391
Mediatek mt8678
Mediatek mt8775
Mediatek mt8786
Mediatek mt8788e
Mediatek mt8792
Mediatek mt8796
Mediatek mt8873
Mediatek mt8883
Mediatek mt8893
Mediatek power Hal
Vendors & Products Mediatek
Mediatek mt2718
Mediatek mt6761
Mediatek mt6765
Mediatek mt6768
Mediatek mt6853
Mediatek mt6855
Mediatek mt6877
Mediatek mt6878
Mediatek mt6879
Mediatek mt6883
Mediatek mt6885
Mediatek mt6889
Mediatek mt6893
Mediatek mt6897
Mediatek mt6989
Mediatek mt6991
Mediatek mt8186
Mediatek mt8196
Mediatek mt8391
Mediatek mt8678
Mediatek mt8775
Mediatek mt8786
Mediatek mt8788e
Mediatek mt8792
Mediatek mt8796
Mediatek mt8873
Mediatek mt8883
Mediatek mt8893
Mediatek power Hal

Mon, 04 Aug 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 04 Aug 2025 02:15:00 +0000

Type Values Removed Values Added
Description In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915681; Issue ID: MSV-3795.
Weaknesses CWE-787
References
cve-icon MITRE

Status: PUBLISHED

Assigner: MediaTek

Published: 2025-08-04T01:49:48.567Z

Updated: 2025-08-05T03:56:07.647Z

Reserved: 2024-11-01T01:21:50.381Z

Link: CVE-2025-20697

cve-icon Vulnrichment

Updated: 2025-08-04T20:38:19.622Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-04T02:15:26.863

Modified: 2025-08-04T21:15:29.723

Link: CVE-2025-20697

cve-icon Redhat

No data.