.. spelling:word-list:: imgsys .. include:: /keyword.rst ============================================= |IOT-YOCTO| 2025 Security Bulletin Published ============================================= Product Security Bulletin contains details of security vulnerabilities affecting MediaTek |IOT-YOCTO| devices. Device OEMs should regularly review and update all the issues of the corresponding security patches before publication. .. contents:: Sections :local: :depth: 2 December 2025 --------------- November 2025 --------------- October 2025 --------------- September 2025 --------------- August 2025 --------------- July 2025 --------------- June 2025 --------------- May 2025 --------------- April 2025 --------------- March 2025 --------------- CVE-2025-20648 ^^^^^^^^^^^^^^^ .. csv-table:: :widths: 10, 30 "Title", "Out-of-bounds read in apu" "Severity", "Medium" "Vulnerability Type", "ID" "CWE", "CWE-125 Out-of-bounds Read" "Description", "In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." "Affected Chipsets", "MT8395,MT8390,MT8370" "References", "Commit `1c41e2f0 `_ " February 2025 --------------- CVE-2024-20147 ^^^^^^^^^^^^^^^ .. csv-table:: :widths: 10, 30 "Title", "Reachable assertion in Bluetooth" "Severity", "Medium" "Vulnerability Type", "DoS" "CWE", "CWE-617 Reachable Assertion" "Description", "In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation." "Affected Chipsets", "MT8395,MT8390,MT8370" "References", "Commit `1e3764e4 `_ " January 2025 ---------------