.. spelling:word-list:: imgsys .. include:: /keyword.rst ============================================= |IOT-YOCTO| 2025 Security Bulletin Published ============================================= Product Security Bulletin contains details of security vulnerabilities affecting MediaTek |IOT-YOCTO| devices. Device OEMs should regularly review and update all the issues of the corresponding security patches before publication. .. contents:: Sections :local: :depth: 2 December 2025 --------------- November 2025 --------------- CVE-2025-20745 ^^^^^^^^^^^^^^^ .. csv-table:: :widths: 10, 30 "Title", "Use after free in apusys" "Severity", "Medium" "Vulnerability Type", "EoP" "CWE", "CWE-416 Use After Free" "Description", "In apusys, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation." "Affected Chipsets", "MT8395,MT8390,MT8370" "References", "Commit `014f7258 `_ " "Affected Chipsets", "MT8391" "References", "Commit `26f701cd `_ " October 2025 --------------- CVE-2025-20721 ^^^^^^^^^^^^^^^ .. csv-table:: :widths: 10, 30 "Title", "Out-of-bounds write in imgsensor" "Severity", "Medium" "Vulnerability Type", "EoP" "CWE", "CWE-787 Out-of-bounds Write" "Description", "In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation." "Affected Chipsets", "MT8395,MT8390,MT8370" "References", "Commit `d23002c9 `_ (rity-scarthgap), `30dc4f2d `_ (rity-kirkstone)" September 2025 --------------- August 2025 --------------- July 2025 --------------- CVE-2025-20694 ^^^^^^^^^^^^^^^ .. csv-table:: :widths: 10, 30 "Title", "Buffer underflow in Bluetooth" "Severity", "Medium" "Vulnerability Type", "DoS" "CWE", "CWE-124 Buffer Underflow" "Description", "In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation." "Affected Chipsets", "MT8395,MT8390,MT8370" "References", "Commit `bbd2087a `_ (rity-scarthgap), `9e83165f `_ (rity-kirkstone)" June 2025 --------------- May 2025 --------------- April 2025 --------------- March 2025 --------------- CVE-2025-20648 ^^^^^^^^^^^^^^^ .. csv-table:: :widths: 10, 30 "Title", "Out-of-bounds read in apu" "Severity", "Medium" "Vulnerability Type", "ID" "CWE", "CWE-125 Out-of-bounds Read" "Description", "In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." "Affected Chipsets", "MT8395,MT8390,MT8370" "References", "Commit `1c41e2f0 `_ " February 2025 --------------- CVE-2024-20147 ^^^^^^^^^^^^^^^ .. csv-table:: :widths: 10, 30 "Title", "Reachable assertion in Bluetooth" "Severity", "Medium" "Vulnerability Type", "DoS" "CWE", "CWE-617 Reachable Assertion" "Description", "In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation." "Affected Chipsets", "MT8395,MT8390,MT8370" "References", "Commit `1e3764e4 `_ " January 2025 ---------------