Out of Bounds Write Vulnerability in DA by MediaTek
CVE-2025-20656

6.8MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt6781, Mt6789, Mt6835, Mt6855, Mt6878, Mt6879, Mt6886, Mt6895, Mt6897, Mt6983, Mt6985, Mt6989, Mt6990, Mt8196, Mt8370, Mt8390
Vendor: CVE Published:; 7 April 2025

Summary

In MediaTek's DA, an out of bounds write due to a missing bounds check can allow for local escalation of privilege. An attacker with physical access to the device could exploit this vulnerability without needing additional execution privileges. User interaction is not required for the exploitation to occur, emphasizing the need for immediate attention and remediation to protect affected devices.

Affected Version(s)

MT6781, MT6789, MT6835, MT6855, MT6878, MT6879, MT6886, MT6895, MT6897, MT6983, MT6985, MT6989, MT6990, MT8196, MT8370, MT8390 Android 12.0, 13.0, 14.0, 15.0 / openWRT 21.02, 23.05 / Yocto 4.0 / RDK-B 24Q1

References

https://corp.mediatek.com/product-security-bulletin/April...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 7, 2025
Vulnerability Reserved
Nov 1, 2024