CVE-2026-20447

/* * Conceptual Proof of Concept for Missing Bounds Check * This demonstrates the concept of accessing memory outside allocated buffer bounds. */ #include <stdio.h> #include <stdlib.h> void vulnerable_function(char* input, int size) { char buffer[10]; // Missing bounds check here: copying 'size' bytes into a 10-byte buffer for (int i = 0; i < size; i++) { buffer[i] = input[i]; // Potential buffer overflow if size > 10 } printf("Buffer processed.\n"); } int main() { char large_input[20]; // Simulate attacker-controlled input for(int i=0; i<20; i++) large_input[i] = 'A'; // Trigger the vulnerability with size larger than buffer vulnerable_function(large_input, 20); return 0; }

{"cve": {"id": "CVE-2026-20447", "sourceIdentifier": "[email protected]", "published": "2026-05-04T07:15:58.450", "lastModified": "2026-05-07T12:43:25.100", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In geniezone, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10724073; Issue ID: MSV-6296."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 6.7, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-125"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:mediatek:mt6768_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "16EF9082-FC9B-4790-A79D-AA62C62E4B88"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:mediatek:mt6789_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "524AB96D-4C15-47A6-B276-6B873796E8F3"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:mediatek:mt6877_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "07F67D59-75F0-4056-BCCE-F7888912CAB3"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:mediatek:mt6899_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "BEBA484A-EC07-4D3D-80CD-BDE9E7807F71"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:mediatek:mt6899:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6E9F80F-9AC9-41E0-BB14-9DB6F14B62CD"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:mediatek:mt6989_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E495B8EB-C9B5-4F32-AEE2-D2C41C0B292B"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7DE6B2-66D9-4A3E-B15F-D56505559255"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:mediatek:mt6991_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D9DD2119-39E8-4A9C-8E2A-8FB7F92A1001"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:mediatek:mt6991:-:*:*:*:*:*:*:*", "matchCriteriaId": "CBBB30DF-E963-4940-B742-F6801F68C3FC"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:mediatek:mt6993_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FAEB2240-FF37-4CBE-BBEF-8A8281153646"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:mediatek:mt6993:-:*:*:*:*:*:*:*", "matchCriteriaId": "57E92BE0-5E65-4770-8E1A-0E5D07A38164"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:mediatek:mt8196_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE7B4BD3-A945-4C45-8E76-CEE2ADE2001E"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:mediatek:mt8196:-:*:*:*:*:*:*:*", "matchCriteriaId": "FB0C4D80-28BC-4C4D-B522-AD9EC5222A2E"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:mediatek:mt8367_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "32C24935-B6E6-4923-B81C-D29BBEED2B3C"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:mediatek:mt8367:-:*:*:*:*:*:*:*", "matchCriteriaId": "A28FA947-314F-465B-8ADD-F7973F02D82A"}]}]}, {"operator": "AND ... (truncated)