Information Disclosure Vulnerability in MediaTek Cmdq Driver
CVE-2022-20029

4.4MEDIUM

Key Information:

Vendor

MediaTek
Status
Mt6761, Mt6762, Mt6763, Mt6765, Mt6768, Mt6769, Mt6771, Mt6779, Mt6785, Mt6833, Mt6853, Mt6853t, Mt6873, Mt6875, Mt6877, Mt6883, Mt6885, Mt6889, Mt6891, Mt6893, Mt8163, Mt8167, Mt8168, Mt8173, Mt8175, Mt8183, Mt8321, Mt8362a, Mt8365, Mt8385, Mt8735b, Mt8765, Mt8766, Mt8768, Mt8786, Mt8788, Mt8791, Mt8797
Vendor
CVE Published:
9 February 2022

What is CVE-2022-20029?

The cmdq driver from MediaTek has a vulnerability that allows for a potential out-of-bounds read due to an incorrect bounds check. This flaw could lead to local information disclosure that requires system execution privileges for exploitation. Importantly, no user interaction is needed to execute the attack, making this a notable risk for users of affected MediaTek products. A patch addressing this vulnerability has been identified and must be applied to mitigate the potential threat.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8163, MT8167, MT8168, MT8173, MT8175, MT8183, MT8321, MT8362A, MT8365, MT8385, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788, MT8791, MT8797 Android 10.0, 11.0, 12.0

References

https://corp.mediatek.com/product-security-bulletin/Febru...
x_refsource_MISC

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.