Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.4
MAE: Malicious access to sensitive data with system privileges
CVE-2026-20438
Summary
A bug in MAE could allow an attacker with system privileges to access sensitive data. This could happen if an attacker already has high-level access, but could potentially gain even more. Update to the latest version to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| android | 15.0 | – |
Original title
In MAE, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User intera...
Original description
In MAE, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431920; Issue ID: MSV-5835.
nvd CVSS3.1
6.4
Vulnerability type
CWE-367
- https://corp.mediatek.com/product-security-bulletin/March-2026 Vendor Advisory
Published: 2 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026