Summary: MediaTek has released its March 2025 Product Security Bulletin, highlighting multiple security vulnerabilities affecting a wide array of its chipsets across various devices. Among the ten vulnerabilities identified, three are categorized as high severity, which could allow for denial of service and privilege escalation attacks. MediaTek has already provided patches to device manufacturers ahead of the bulletin’s release, advising users to update their devices promptly.
Affected: MediaTek chipsets (smartphones, tablets, AIoT devices, smart displays, OTT hardware, computer vision platforms, audio systems, smart televisions)
Keypoints :
- Ten vulnerabilities identified, with three rated as high severity.
- CVE-2025-20644 can lead to remote denial of service via modem memory corruption.
- CVE-2025-20645 allows for local privilege escalation through KeyInstall’s bounds checks.
- CVE-2025-20646 enables remote escalation of privilege through WLAN firmware vulnerabilities.
- Many popular chipset lines are affected, prompting immediate action from device manufacturers.
- Patches have been provided to OEMs prior to the bulletin’s publication for timely updates.
- Users are encouraged to install the latest security updates as they become available.
Source: https://securityonline.info/10-new-vulnerabilities-found-in-mediatek-chipsets/