CVE-2025-20780

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free memory corruption vulnerability in display components that could allow local privilege escalation. Attackers who already have System privilege can exploit this without user interaction to gain higher privileges. The vulnerability affects MediaTek devices with specific display drivers.

💻 Affected Systems

Products:
  • MediaTek devices with specific display drivers
Versions: Specific versions not detailed in CVE; affected versions are those before patch ALPS10184061
Operating Systems: Android-based systems using MediaTek chipsets
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is in display driver components; exact device models not specified in CVE description.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with kernel-level access, allowing attackers to install persistent malware, steal sensitive data, or disable security controls.

🟠 Likely Case

Local privilege escalation from System to kernel or higher privileges, enabling further lateral movement within the device.

🟢 If Mitigated

Limited impact if proper privilege separation and memory protection mechanisms are in place, though exploitation risk remains.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring initial System access.
🏢 Internal Only: HIGH - Once an attacker gains System access through other means, this vulnerability enables significant privilege escalation within affected devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires System privilege first, then triggers a use-after-free in the display components. No user interaction is needed once initial access is achieved.

🛠️ Fix & Mitigation

✅ Official Fix

Patch ID: ALPS10184061

Vendor Advisory: https://corp.mediatek.com/product-security-bulletin/January-2026

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates.
2. Apply MediaTek patch ALPS10184061.
3. Reboot device after patch installation.
4. Verify patch application through version checks.

🔧 Temporary Workarounds

Restrict System Privilege Access

Limit which applications and users can obtain System privilege to reduce attack surface.

Disable Unnecessary Display Features

Disable advanced display features that may trigger vulnerable code paths.

🧯 If You Can't Patch

  • Implement strict application sandboxing to limit System privilege access
  • Deploy endpoint detection and response (EDR) solutions to monitor for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against MediaTek security bulletin; examine display driver versions for pre-patch components.

Check Version:

adb shell getprop ro.build.fingerprint (for Android devices)

Verify Fix Applied:

Verify patch ALPS10184061 is applied through device firmware version checks and security patch level.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs related to display drivers
  • Privilege escalation attempts in security logs
  • Memory corruption errors in system logs

Network Indicators:

  • Unusual outbound connections following local privilege escalation

SIEM Query:

source="kernel" AND ("display" OR "use-after-free" OR "memory corruption")
