Local Privilege Escalation in Bluetooth Technology by MediaTek
CVE-2022-20041

7.8HIGH

Key Information:

Vendor: MediaTek
Status: Mt8167, Mt8175, Mt8183, Mt8362a, Mt8365, Mt8385
Vendor: CVE Published:; 9 February 2022

Summary

A security vulnerability in Bluetooth technology from MediaTek allows for local privilege escalation due to a missing permission check. This issue can be exploited without requiring any user interaction and does not necessitate additional execution privileges. The vulnerability poses significant risks as it enables unauthorized users to potentially gain elevated access on affected devices. Mitigation measures include applying the necessary security patches provided by MediaTek to safeguard your systems.

Affected Version(s)

MT8167, MT8175, MT8183, MT8362A, MT8365, MT8385 Android 8.1, 9.0, 10.0, 11.0, 12.0

References

https://corp.mediatek.com/product-security-bulletin/Febru...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 9, 2022
Vulnerability Reserved
Oct 12, 2021