Out of Bounds Write Vulnerability in Mediatek Bluetooth Products
CVE-2022-20028
7.8HIGH
Key Information:
- Vendor
- MediaTek
- Vendor
- CVE Published:
- 9 February 2022
Summary
In Bluetooth systems developed by Mediatek, there exists a vulnerability characterized by a possible out of bounds write due to a missing bounds check. This issue allows for local escalation of privilege without requiring additional execution privileges or user interaction for exploitation. Prompt attention through available patches is advised to mitigate potential risks.
Affected Version(s)
MT8167, MT8175, MT8183, MT8362A, MT8365, MT8385 Android 8.1, 9.0, 10.0, 11.0, 12.0
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved