IoT Yocto 2025 Security Bulletin Published
The Product Security Bulletin contains details of security vulnerabilities affecting MediaTek IoT Yocto devices. Device OEMs should regularly review all listed issues and apply the corresponding security patches before publication.
December 2025
November 2025
October 2025
September 2025
August 2025
July 2025
June 2025
May 2025
April 2025
March 2025
CVE-2025-20648
| Title | Out-of-bounds read in apu |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT8395, MT8390, MT8370 |
| References | Commit 1c41e2f0 |
February 2025
CVE-2024-20147
| Title | Reachable assertion in Bluetooth |
| Severity | Medium |
| Vulnerability Type | DoS |
| CWE | CWE-617 Reachable Assertion |
| Description | In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT8395, MT8390, MT8370 |
| References | Commit 1e3764e4 |