Out of Bounds Read Vulnerability in MediaTek V5 DA
CVE-2025-20652

4.6MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt6580, Mt6739, Mt6761, Mt6765, Mt6768, Mt6771, Mt6779, Mt6781, Mt6785, Mt6833, Mt6853, Mt6873, Mt6877, Mt6885, Mt6893, Mt8167, Mt8167s, Mt8175, Mt8185, Mt8195, Mt8321, Mt8362a, Mt8365, Mt8385, Mt8395, Mt8666, Mt8667, Mt8673, Mt8675, Mt8678, Mt8765, Mt8766, Mt8768, Mt8771, Mt8775, Mt8781, Mt8786, Mt8788, Mt8789, Mt8791t, Mt8795t, Mt8797, Mt8798, Mt8893
Vendor: CVE Published:; 3 March 2025

Summary

The vulnerability in MediaTek's V5 DA arises from a missing bounds check, potentially allowing an attacker with physical access to the device to conduct an out of bounds read. This flaw could lead to unauthorized local information disclosure, but it requires user interaction to exploit. Patching is available under Patch ID: ALPS09291215 and Issue ID: MSV-2052.

Affected Version(s)

MT6580, MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8167S, MT8175, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8678, MT8765, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798, MT8893 Android 13.0, 14.0, 15.0

References

https://corp.mediatek.com/product-security-bulletin/March...

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 3, 2025
Vulnerability Reserved
Nov 1, 2024