15.0

CVSS 7.0 - HIGH

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

high complexity

google

NVD

Published: 2025-05-05

Updated: 2025-05-07

Summary

In thermal, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09698599; Issue ID: MSV-3228.

Vulnerable Configurations

Part	Description	Count
OS	Google Google Android 14.0 Google Android 15.0	2
Hardware	Mediatek Mediatek Mt2718 - Mediatek Mt6878 - Mediatek Mt6897 - Mediatek Mt6899 - Mediatek Mt6989 - Mediatek Mt6991 - Mediatek Mt8196 - Mediatek Mt8391 - Mediatek Mt8676 - Mediatek Mt8678 -	10

References

https://corp.mediatek.com/product-security-bulletin/May-2025