CVE-2025-20784

6.7 MEDIUM

📋 TL;DR

This CVE describes a memory corruption vulnerability in display components caused by uninitialized data. It allows local privilege escalation if an attacker already has System privilege, and requires no user interaction. It affects systems using vulnerable MediaTek display components.

💻 Affected Systems

Products:
  • MediaTek display components/drivers
Versions: Specific versions not provided in CVE; check MediaTek advisory for details
Operating Systems: Android/Linux systems with MediaTek chipsets
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices using vulnerable MediaTek display components; exact device models not specified in CVE description.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with kernel-level access, allowing installation of persistent malware, data theft, and disabling of security controls.

🟠 Likely Case

Local privilege escalation from System to kernel/root privileges, enabling further system manipulation and persistence.

🟢 If Mitigated

Limited impact if proper privilege separation and kernel hardening are implemented, though still a serious local vulnerability.

🌐 Internet-Facing: LOW - Requires local access and System privilege, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Could be exploited by malicious insiders or attackers who have already compromised System accounts.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires System privilege as prerequisite; memory corruption vulnerabilities can be complex to exploit reliably.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply patch ID: ALPS10182882

Vendor Advisory: https://corp.mediatek.com/product-security-bulletin/January-2026

Restart Required: Yes

Instructions:

1. Check MediaTek advisory for affected devices.
2. Apply patch ALPS10182882.
3. Reboot device.
4. Verify patch installation.

🔧 Temporary Workarounds

Restrict System Privilege Access

all

Limit which users/processes have System privilege to reduce attack surface

  • Review and audit System privilege assignments
  • Implement least privilege principle

🧯 If You Can't Patch

  • Implement strict access controls to limit System privilege to essential processes only
  • Monitor for unusual privilege escalation attempts and kernel-level activities

🔍 How to Verify

Check if Vulnerable:

Check device specifications and kernel/driver versions against MediaTek advisory; look for unpatched display components

Check Version:

Check with device manufacturer for specific version verification commands

Verify Fix Applied:

Verify patch ALPS10182882 is applied through system update logs or vendor verification tools

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation attempts
  • Kernel/driver crash logs related to display components
  • Unauthorized System privilege usage

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Search for: 'privilege escalation', 'display driver crash', 'kernel panic' in system logs
