Out of Bounds Write Vulnerability in Mediatek Bluetooth Products
CVE-2022-20028

7.8HIGH

Key Information:

Vendor
MediaTek
Vendor
CVE Published:
9 February 2022

Summary

In Bluetooth systems developed by Mediatek, there exists a vulnerability characterized by a possible out of bounds write due to a missing bounds check. This issue allows for local escalation of privilege without requiring additional execution privileges or user interaction for exploitation. Prompt attention through available patches is advised to mitigate potential risks.

Affected Version(s)

MT8167, MT8175, MT8183, MT8362A, MT8365, MT8385 Android 8.1, 9.0, 10.0, 11.0, 12.0

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.