SB2025110309 - Multiple vulnerabilities in MediaTek chipsets
Published: November 3, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 25 secuirty vulnerabilities.
1) Heap-based Buffer Overflow (CVE-ID: CVE-2025-20731)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to an incorrect bounds check within wlan. A local application can perform service disruption.
2) Stack-based buffer overflow (CVE-ID: CVE-2025-20749)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to a missing bounds check within charger. A local application can perform service disruption.
3) Buffer overflow (CVE-ID: CVE-2025-20748)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to an incorrect bounds check within wlan. A local application can perform service disruption.
4) Heap-based Buffer Overflow (CVE-ID: CVE-2025-20741)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to an incorrect bounds check within wlan. A local application can perform service disruption.
5) Stack-based buffer overflow (CVE-ID: CVE-2025-20747)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to an incorrect bounds check within gnss. A local application can perform service disruption.
6) Stack-based buffer overflow (CVE-ID: CVE-2025-20746)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to an incorrect bounds check within gnss. A local application can perform service disruption.
7) Stack-based buffer overflow (CVE-ID: CVE-2025-20739)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to an incorrect bounds check within wlan. A local application can perform service disruption.
8) Stack-based buffer overflow (CVE-ID: CVE-2025-20738)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to an incorrect bounds check within wlan. A local application can perform service disruption.
9) Stack-based buffer overflow (CVE-ID: CVE-2025-20736)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to an incorrect bounds check within wlan. A local application can perform service disruption.
10) Heap-based Buffer Overflow (CVE-ID: CVE-2025-20734)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to an incorrect bounds check within wlan. A local application can perform service disruption.
11) Stack-based buffer overflow (CVE-ID: CVE-2025-20732)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to an incorrect bounds check within wlan. A local application can perform service disruption.
12) Heap-based Buffer Overflow (CVE-ID: CVE-2025-20729)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to an incorrect bounds check within wlan. A local application can perform service disruption.
13) Out-of-bounds write (CVE-ID: CVE-2025-20727)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a heap buffer overflow within Modem. A local application can execute arbitrary code.
14) Use After Free (CVE-ID: CVE-2025-20745)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to use after free within apusys. A local application can perform service disruption.
15) Use After Free (CVE-ID: CVE-2025-20744)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to use after free within pda. A local application can perform service disruption.
16) Use After Free (CVE-ID: CVE-2025-20743)
The vulnerability allows a local application to perform service disruption.
The vulnerability exists due to use after free within clkdbg. A local application can perform service disruption.
17) Heap-based Buffer Overflow (CVE-ID: CVE-2025-20742)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to an incorrect bounds check within wlan. A local application can execute arbitrary code.
18) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2025-20740)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a race condition within wlan. A local application can execute arbitrary code.
19) Stack-based buffer overflow (CVE-ID: CVE-2025-20737)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to an incorrect bounds check within wlan. A local application can execute arbitrary code.
20) Heap-based Buffer Overflow (CVE-ID: CVE-2025-20735)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to an incorrect bounds check within wlan. A local application can execute arbitrary code.
21) Heap-based Buffer Overflow (CVE-ID: CVE-2025-20733)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to an incorrect bounds check within wlan. A local application can execute arbitrary code.
22) Improper Authentication (CVE-ID: CVE-2025-20730)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to an insecure default value within preloader. A local application can execute arbitrary code.
23) Heap-based Buffer Overflow (CVE-ID: CVE-2025-20728)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to an incorrect bounds check within wlan. A local application can execute arbitrary code.
24) Out-of-bounds write (CVE-ID: CVE-2025-20725)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within ims service. A local application can execute arbitrary code.
25) Heap-based Buffer Overflow (CVE-ID: CVE-2025-20726)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to an incorrect bounds check within Modem. A local application can execute arbitrary code.
Remediation
Install update from vendor's website.