Out of Bounds Write Vulnerability in MediaTek Products
CVE-2022-20075

6.7MEDIUM

Key Information:

Vendor
MediaTek
Status
Mt6580, Mt6731, Mt6735, Mt6750s, Mt6753, Mt6755s, Mt6757, Mt6757c, Mt6757cd, Mt6757ch, Mt6761, Mt6762, Mt6763, Mt6765, Mt6768, Mt6769, Mt6771, Mt6779, Mt6781, Mt6785, Mt6833, Mt6853, Mt6853t, Mt6873, Mt6875, Mt6877, Mt6883, Mt6885, Mt6889, Mt6891, Mt6893, Mt8127, Mt8135, Mt8163, Mt8167, Mt8167s, Mt8168, Mt8173, Mt8175, Mt8176, Mt8183, Mt8312c, Mt8312d, Mt8321, Mt8362a, Mt8365, Mt8382, Mt8385, Mt8389, Mt8392, Mt8392 90, Mt8665, Mt8685, Mt8693, Mt8735, Mt8735b, Mt8735m, Mt8752, Mt8765, Mt8783, Mt8785, Mt8788
Vendor
CVE Published:
11 April 2022

Summary

An out of bounds write vulnerability exists within the ged component due to an integer overflow, potentially allowing a local attacker to escalate privileges. This vulnerability does not require user interaction for exploitation, resulting in system execution privileges being achievable. It is critical for users of affected MediaTek products to apply the relevant patches to mitigate any associated risks.

Affected Version(s)

MT6580, MT6731, MT6735, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8127, MT8135, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8176, MT8183, MT8312C, MT8312D, MT8321, MT8362A, MT8365, MT8382, MT8385, MT8389, MT8392, MT8392_90, MT8665, MT8685, MT8693, MT8735, MT8735B, MT8735M, MT8752, MT8765, MT8783, MT8785, MT8788 Android 10.0, 11.0, 12.0

References

https://corp.mediatek.com/product-security-bulletin/April...
x_refsource_MISC

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.