{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20446", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "state": "PUBLISHED", "assignerShortName": "MediaTek", "dateReserved": "2025-11-03T01:30:59.013Z", "datePublished": "2026-04-07T03:25:39.747Z", "dateUpdated": "2026-04-07T13:02:15.541Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", "dateUpdated": "2026-04-07T03:25:39.747Z"}, "descriptions": [{"lang": "en", "value": "In sec boot, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service, if an attacker has physical access to the device, with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09963054; Issue ID: MSV-3899."}], "affected": [{"vendor": "MediaTek, Inc.", "product": "MediaTek chipset", "defaultStatus": "unaffected", "versions": [{"version": "MT6813", "status": "affected"}]}], "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/April-2026"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-190", "lang": "en", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T13:02:11.913705Z", "id": "CVE-2026-20446", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T13:02:15.541Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-20446", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-07T13:02:11.913705Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T13:02:07.185Z"}}], "cna": {"affected": [{"vendor": "MediaTek, Inc.", "product": "MediaTek chipset", "versions": [{"status": "affected", "version": "MT6813"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/April-2026"}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "In sec boot, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service, if an attacker has physical access to the device, with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09963054; Issue ID: MSV-3899."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", "dateUpdated": "2026-04-07T03:25:39.747Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20446", "state": "PUBLISHED", "dateUpdated": "2026-04-07T13:02:15.541Z", "dateReserved": "2025-11-03T01:30:59.013Z", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "datePublished": "2026-04-07T03:25:39.747Z", "assignerShortName": "MediaTek"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt6813_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0E1CB25C-4643-4239-AE47-B5AE876416ED", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6813:-:*:*:*:*:*:*:*", "matchCriteriaId": "66F9EAE4-F1D7-46DB-AA2A-0290F6EF0501", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In sec boot, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service, if an attacker has physical access to the device, with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09963054; Issue ID: MSV-3899."}], "id": "CVE-2026-20446", "lastModified": "2026-04-07T15:43:45.250", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-07T04:17:13.797", "references": [{"source": "security@mediatek.com", "tags": ["Vendor Advisory"], "url": "https://corp.mediatek.com/product-security-bulletin/April-2026"}], "sourceIdentifier": "security@mediatek.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "security@mediatek.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-190"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT6813"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "MediaTek chipset", "source": "cna", "vendor": "MediaTek, Inc."}, "product": "mediatek_chipset", "vendor": "mediatek"}], "analysis": {"en": {"generated_at": "2026-04-07T22:53:21.587050+00:00", "value": {"mitigation_remediation": ["Apply the vendor-provided firmware patch ALPS09963054"], "summary": {"action": "Apply Patch", "impact": "Local Denial of Service"}, "threat_synthesis": {"affected_systems": "MediaTek chipsets, specifically the MT6813 hardware and its firmware. Devices using these components are vulnerable and require updating of the secure boot firmware.", "description_and_impact": "An integer overflow in the secure boot process can cause an out\u2011of\u2011bounds write, permitting an attacker with user execution privileges to trigger a denial of service. The weakness is consistent with CWE\u2011190 (Integer Overflow) and CWE\u2011787 (Out\u2011of\u2011Bounds Write). The impact is a local service disruption or reboot of the device, compromising availability for the user.", "risk_and_exploitability": "The CVSS score of 4.3 indicates moderate severity, and the EPSS score of less than 1% reflects a low likelihood of widespread exploitation. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Exploitation requires physical access to the device and user\u2011level privileges, but no additional user interaction is needed. In environments where devices are exposed to potential physical security risks, the risk is elevated however overall exploitation probability remains low."}}}}, "created": "2026-04-08T19:38:32.603314+00:00", "title": "Integer Overflow in Secure Boot Leading to Local Denial of Service", "updated": "2026-04-08T19:50:09.251880+00:00", "vendors": ["mediatek", "mediatek$PRODUCT$mediatek_chipset"]}