CVE-2026-20454

6.4 MEDIUM

In geniezone, there is a possible out of bounds write due to a race condition

Published: 2026-06-01 · Last updated: 2026-06-01

Severity and scoring

CVSS: 6.4 MEDIUM
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-367

Affected products

Vendor	Product
mediatek	mt6739_firmware, mt6761_firmware, mt6765_firmware

Description

In geniezone, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10873936; Issue ID: MSV-6786.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-20454
[Vendor advisory]https://corp.mediatek.com/product-security-bulletin/June-2026

Related CVEs

Same vendor

CVE-2026-20456 — In wlan STA driver, there is a possible system crash due to a missing bounds check (5.5 MEDIUM)
CVE-2026-20455 — In geniezone, there is a possible out of bounds write due to a missing bounds check (7.8 HIGH)
CVE-2026-20453 — In geniezone, there is a possible out of bounds write due to a missing bounds check (6.7 MEDIUM)
CVE-2026-20452 — In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow (8.0 HIGH)

Same CWE

CVE-2026-54228 — A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement method (7.8 HIGH)
CVE-2026-53838 — OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes to confuse approv... (9.8 CRITICAL)
CVE-2026-53831 — OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expan... (8.3 HIGH)
CVE-2026-53822 — OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution (8.8 HIGH)
CVE-2026-54055 — Kitty is a cross-platform GPU based terminal (5.0 MEDIUM)